Vulnerabilities in Škoda/Volkswagen vehicles and Škoda backend

Discovered in Škoda Superb III and Škoda cloud backend

Read time: 00:25

Release date: 11.22.2023

PRODUCT DESCRIPTION

Vulnerabilities affecting Škoda and Volkswagen Group vehicles were originally identified in Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

Škoda Superb is a D-segment (mid-size/large) family car designed and produced by the Czech car manufacturer Škoda Auto since 2001. The third generation that is currently in production uses the MQB platform. Škoda Superb III entered production in 2015.

[Figure: Škoda Superb III 2022]

The car has the following features:

  • MIB3 infotainment unit with touch-screen display – the unit manufactured by Preh and used in Škoda and Volkswagen cars
  • SmartLink function that enables the car to communicate with owner’s portable devices via Android Auto, Apple CarPlay, MirrorLink, and potentially other communication technologies
  • TCU with emergency call (E-call) function implemented via cellular network

The car uses the TCU and a cellular communication channel to stay online, receive OTA updates, and communicate with the OEM backend.

[Figure: Communication scheme between vehicle and owner’s portable device]

To communicate with their cars, owners can use the MyŠKODA application, available for Android and iOS.

[Figure: MyŠKODA application. Source: Google Play Market]

The analyzed MIB3 infotainment unit had the following identifiers:

  • Part number 3V0035820J
  • Hardware version: H22
  • Firmware version: 0304

[Figure: MIB3 infotainment unit PCB. Side A]

[Figure: MIB3 infotainment unit PCB. Side B]

Hardware components highlighted are:

  1. R-Car M3 main CPU (ARM64). Executes the main OS. Has a dedicated core, CARCOM, running a real-time OS that handles CAN bus communications.
  2. eMMC with Linux FS.
  3. SPI memory chip with low-level firmware.
  4. WLAN and Bluetooth chip.
  5. Power controller chip (PWC), ARM32.

SUMMARY

PCAutomotive identified multiple vulnerabilities of low-to-medium criticality that allow a would-be attacker to access certain debug mechanisms of the MIB3 infotainment unit and to cause its denial of service via the in-vehicle Wi-Fi network. Certain issues were also identified in the OBD interface of Škoda and Volkswagen cars; those allow a would-be attacker to pass UDS authentication on the infotainment unit.

Another issue in the OBD interface security controls allowed issuing a UDS command that caused the vehicle engine and some other components to turn off while the vehicle was moving at high speed. Since one-time access to the in-vehicle OBD port is mandatory for successful exploitation, and since an additional exploitation restriction exists, the risk level was rated as medium.

Finally, two security issues were identified in the Škoda cloud backend that allowed a would-be attacker to obtain user nicknames and some vehicle data (mileage, recent trip duration, average and maximum speed of the trip) knowing only the VIN of a vehicle.

CVE ID         | Title                                                          | CVSS 3.1 score
CVE-2023-28893 | SWD debug interface available on infotainment ECU              | 3.5 (Low)
CVE-2023-28894 | Debug console on Power Controller Chip                         | 3.5 (Low)
CVE-2023-28895 | Hard-coded password for access to power controller chip memory | 3.5 (Low)
CVE-2023-28896 | Weak encoding for password in UDS services                     | 3.5 (Low)
CVE-2023-28897 | Hard-coded password for UDS services                           | 4.0 (Medium)
CVE-2023-28898 | Head Unit Denial-of-Service via Apple CarPlay service          | 5.3 (Medium)
CVE-2023-28899 | Denial of Service via ECU reset service                        | 6.2 (Medium)
CVE-2023-28900 | Nickname disclosure on the backend automotive server           | 5.3 (Medium)
CVE-2023-28901 | Trip data disclosure on host fal-3a.prd.eu.dp.vwg-connect.com  | 6.7 (Medium)

DISCLOSURE TIMELINE

Date       | Description
2022.11.21 | Advisory sent to security@skoda-auto.cz
2022.12    | Škoda fixed backend-related issues CVE-2023-28900 and CVE-2023-28901
2023.03.27 | CVE numbers reserved by ASRG CNA
2023.07    | Communication with Volkswagen before publishing the vulnerabilities
2023.09.14 | Disclosure of the vulnerabilities at Secure Our Streets 2023

TECHNICAL DETAILS

CVE-2023-28893: SWD debug interface available on infotainment ECU

Description

The IVI PCB contains a power controller chip (PWC), an S9KEAZN64A manufactured by NXP. This chip exposes a working SWD debug interface on its pins. The debug interface is protected, though: before the chip can be debugged, the firmware and configuration stored in its internal memory must be erased. Nevertheless, after the erase operation it is possible to reprogram the PWC with firmware taken from a firmware update package and obtain debug access to the PWC.

[Figure: Connection of a J-Link debugger to PWC]

A JTAG adapter, such as J-Link, can be used to connect to the SWD interface:

[Figure: Connection of PWC SWD interface with J-Link adapter]

The interface does not allow debugging because write-protection control is enabled. However, it does allow debugging after the memory content of the PWC chip has been erased. The memory content can later be restored by writing back PWC firmware obtained from public sources, or by utilizing other vulnerabilities (CVE-2023-28894 together with CVE-2023-28895).

Exploitation scenario and impact

Would-be attackers with physical access to the infotainment unit can unlock the SWD debug interface of the PWC chip. This potentially allows a slight increase of the attack surface.

CVE-2023-28894: Debug console on Power Controller Chip

CVE-2023-28895: Hard-coded password for access to PWC memory

Description

The PWC chip of the infotainment unit exposes a UART interface on the external socket of the unit (CVE-2023-28894), which supports the following debug commands:

  • '?'/'h': help screen
  • 'a': adc
  • 'c*': pwc config
  • 'C': pwc counters
  • 'e'/'ec': uart statistics
  • 'fx...': fake message from cc
  • 'Fc': get flash crc
  • 'ii'/'iw'/'ir': twi stuff
  • 'm...': fake message to CARCOM
  • 'M...': send debug input to CARCOM
  • 'P1'/'P0': switch main power ON/OFF
  • 'p': port states
  • 'PWC:': switch (back) to pwc rx mode
  • 'Q': switch to uart tunnel mode
  • 'R1'/'R0': switch cpu reset
  • 'u': updater stuff
  • 'v': version infos
  • 't...': time stuff
  • 'T': print temperatures
  • 'X...': force soft / sw / wd reset

The console becomes available after a certain command is sent to the PWC chip via another UART line, the one connecting the PWC chip and the CARCOM core of the main CPU.

Exploitation scenario and impact

A would-be attacker with physical access to the infotainment unit can unlock the debug UART console of the PWC chip by issuing the following command on the other UART line, between the CARCOM core and the PWC chip:

0xF1 0x1D 0x01 0x01 <CHECKSUM 2 bytes> 0xF2

Test pins of the UART line between the PWC and CARCOM can be found on the infotainment system PCB:

[Figure: Connection of the external UART interface to the UART1 line between PWC and CARCOM]

From the debug console, it is possible to access the PWC firmware update functionality (console command 'u'). This command allows reading and modifying PWC memory, thus extracting its firmware and writing arbitrary binary code into the memory. The access is protected with a password that is hard-coded into the PWC firmware (CVE-2023-28895). This potentially allows a slight increase of the attack surface.

CVE-2023-28896: Weak encoding for password in UDS services

CVE-2023-28897: Hard-coded password for UDS services

Description

UDS authentication for the infotainment unit is based on the following sequence of steps:

  1. Request a random value (seed) from the infotainment unit.
  2. Send the arithmetic sum of the static password value and the random value.

If CAN bus traffic contains successful authentication attempts, the valid password can be retrieved from it by simple arithmetic subtraction (CVE-2023-28896). In addition, the password value is hard-coded into the firmware of the infotainment unit (CVE-2023-28897).
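The weakness described above comes down to one arithmetic property: when key = password + seed, the difference key - seed is the same in every exchange. The following example, added here and not part of the advisory or any vendor code, turns that observation into an audit check over a log of (seed, key) pairs and contrasts it with a keyed-hash derivation in which the difference carries no information. The 32-bit word width, the password value 0x1234ABCD, the seeds and the HMAC-based alternative are all assumptions made for the example.

```python
import hashlib
import hmac

# Width of the seed/key words and the password value are assumptions made for
# this example; the advisory states neither.
WORD_BITS = 32
MASK = (1 << WORD_BITS) - 1
ASSUMED_PASSWORD = 0x1234ABCD

# Constructed seeds, standing in for values observed in successful
# SecurityAccess exchanges on the CAN bus.
CAPTURED_SEEDS = [0x00000001, 0x5A5A5A5A, 0xFFFFFFFF, 0x0BADF00D, 0x13371337]


def additive_key(seed: int, password: int) -> int:
    """The scheme the advisory describes: key = password + seed (mod 2^32)."""
    return (seed + password) & MASK


def hmac_key(seed: int, secret: bytes) -> int:
    """A hardened alternative used here for comparison (an assumption, not the
    vendor's fix): key = HMAC-SHA256(secret, seed), truncated to the key width.
    Observing seed and key no longer reveals the secret."""
    seed_bytes = seed.to_bytes(WORD_BITS // 8, "big")
    digest = hmac.new(secret, seed_bytes, hashlib.sha256).digest()
    return int.from_bytes(digest[: WORD_BITS // 8], "big")


def key_minus_seed(pairs) -> set:
    """Audit step: the set of (key - seed) values over all observed pairs.
    For an additive scheme this collapses to a single value, the password."""
    return {(key - seed) & MASK for seed, key in pairs}


def is_additive_scheme(pairs) -> bool:
    """Flag a seed/key log in which key - seed is constant across exchanges.
    A single pair is not enough evidence, so it is never flagged."""
    return len(pairs) >= 2 and len(key_minus_seed(pairs)) == 1


def weak_exchange_log():
    """Constructed log of the additive scheme, as an auditor would see it."""
    return [(s, additive_key(s, ASSUMED_PASSWORD)) for s in CAPTURED_SEEDS]


def hardened_exchange_log(secret: bytes = b"per-ecu-secret-placeholder"):
    """Constructed log of the keyed-hash scheme with a placeholder secret."""
    return [(s, hmac_key(s, secret)) for s in CAPTURED_SEEDS]


if __name__ == "__main__":
    print("additive scheme detected:", is_additive_scheme(weak_exchange_log()))
    print("hardened log looks additive:", is_additive_scheme(hardened_exchange_log()))
```

Running the check over a few captured exchanges is enough to tell the two designs apart: the additive log yields exactly one difference (the password), while the keyed-hash log yields a distinct difference for every seed. A hard-coded secret shared by all units (the second CVE) is a separate problem that no key-derivation change fixes by itself; the secret still has to be unique per unit and stored outside the extractable firmware image.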

Exploitation scenario and impact

A would-be attacker with physical access to the OBD port can easily pass UDS authentication on the infotainment unit and issue diagnostic commands to it. This potentially allows a slight increase of the attack surface.

CVE-2023-28898: Head Unit Denial-of-Service via Apple CarPlay service

Description

The HTTP/RTSP service on port 7000/tcp, which is available when a client is connected to the vehicle’s HU via CarPlay, incorrectly handles requests to the /logs endpoint when the id parameter is specified.

An attacker connected to the same wireless network can send a specially crafted request, for example:

ANY /logs?id=0 RTSP/1.0

Host: 10.173.189.1:7000

In some cases, two consecutive requests are required.

Exploitation scenario and impact

A would-be attacker with access to the in-vehicle Wi-Fi network can cause denial of service of the infotainment unit if an Apple CarPlay session between the infotainment unit and another device is established.

CVE-2023-28899: Denial of Service via ECU reset service

Description

Sending a certain broadcast UDS message to the OBD port of the vehicle causes some components in the vehicle to reset. As a result, the running engine immediately turns off, and most of the vehicle systems go offline and stop functioning for several seconds. The steering wheel and brakes remain operational, or at least no interruptions in their functioning were detected during the test. The impact can only be achieved within a certain short mileage since the last trunk opening; the speed of the vehicle at which the attack works, however, is not limited.

Exploitation scenario and impact

Exploitation requires access to the vehicle’s OBD-II port. Attackers who once gained short-term access to the OBD-II port can install a wireless (cellular, Wi-Fi, or Bluetooth) interface device, gaining persistent access to the vehicle diagnostic interface and the ability to shut down the vehicle engine at any speed within a short mileage (10-20 km).
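Because the impact depends on a diagnostic request arriving on the OBD bus while the vehicle is moving, one defensive measure is a bus monitor that raises an alert whenever an ECUReset request is seen on the functional (broadcast) address. The following example is added here and is not part of the advisory or of any vendor software; it decodes a small, constructed candump-style capture, picks out ISO-TP single frames carrying the ISO 14229 ECUReset service (0x11) and rates broadcast resets as critical when a vehicle-moving flag is set. The capture lines, the use of 0x7DF as the ISO 15765-4 functional address, and the severity labels are assumptions made for the example; the advisory does not give the message it refers to.

```python
import re

# Constructed candump-style capture ("(timestamp) interface ID#DATA"); these
# lines are made up for the example and were not recorded from a vehicle.
SAMPLE_CAPTURE = """\
(1700000000.000100) can0 7DF#0201000000000000
(1700000000.000200) can0 7E8#0641000000000000
(1700000000.001000) can0 7DF#0211010000000000
(1700000000.002000) can0 7E0#0210030000000000
(1700000000.003000) can0 7DF#0211010000000000
(1700000000.004000) can0 7E0#0211010000000000
"""

OBD_FUNCTIONAL_ID = 0x7DF  # ISO 15765-4 functional (broadcast) request address
UDS_ECU_RESET = 0x11       # ISO 14229 ECUReset service identifier

LINE_RE = re.compile(
    r"\((?P<ts>[0-9.]+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]+)#(?P<data>[0-9A-Fa-f]*)"
)


def parse_frame(line: str):
    """Parse one candump line into (timestamp, arbitration id, data bytes)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return float(m["ts"]), int(m["id"], 16), bytes.fromhex(m["data"])


def uds_single_frame(data: bytes):
    """Decode an ISO-TP single frame into (service id, parameters), or None."""
    if not data or (data[0] >> 4) != 0:  # high nibble 0 marks a single frame
        return None
    length = data[0] & 0x0F
    if length == 0 or length > len(data) - 1:
        return None
    payload = data[1:1 + length]
    return payload[0], payload[1:]


def find_ecu_resets(capture: str, vehicle_moving: bool):
    """Return one alert per ECUReset request seen in the capture.

    Functionally addressed (0x7DF) requests are the broadcast case and are
    rated 'critical' while the vehicle is moving; a reset addressed to a single
    ECU is still reported, at 'high'.
    """
    alerts = []
    for line in capture.splitlines():
        frame = parse_frame(line)
        if frame is None:
            continue
        ts, arb_id, data = frame
        decoded = uds_single_frame(data)
        if decoded is None or decoded[0] != UDS_ECU_RESET:
            continue
        sid, params = decoded
        broadcast = arb_id == OBD_FUNCTIONAL_ID
        alerts.append({
            "ts": ts,
            "arb_id": arb_id,
            "broadcast": broadcast,
            "reset_type": params[0] if params else None,
            "severity": "critical" if (broadcast and vehicle_moving) else "high",
        })
    return alerts


if __name__ == "__main__":
    for alert in find_ecu_resets(SAMPLE_CAPTURE, vehicle_moving=True):
        print(alert)
```

The vehicle-moving flag would in practice come from the same bus (a speed signal), and the alert is a trigger for logging or for a gateway to drop the request, not a substitute for the gateway refusing ECUReset on the OBD side while the vehicle is in motion. Multi-frame ISO-TP messages are not decoded here, which is sufficient for ECUReset because its request fits in a single frame.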

CVE-2023-28900: Nickname disclosure on the backend automotive server

CVE-2023-28901: Trip data disclosure on host fal-3a.prd.eu.dp.vwg-connect.com

Description

An attacker can obtain the nickname and other identifiers of Škoda Connect users by an arbitrary VIN (CVE-2023-28900). This issue is categorized as a Broken Access Control vulnerability: an attacker can act outside of the intended permissions, which allows them to get extended information on the car’s owner.

An attacker can obtain trip details by the VIN of a Škoda vehicle, if a primary user is registered in the vehicle (CVE-2023-28901). This issue is categorized as a Broken Access Control vulnerability: an attacker can act outside of the intended permissions, which allows them to get information on trip timestamps, fuel consumption, speed, etc.
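Both backend issues are the same class of defect: the endpoint authenticates the caller but never checks that the requested VIN belongs to that caller. The following example is added here and is not the Škoda backend's code or its fix; it is a toy API with the vulnerable handler next to a corrected one that enforces object-level authorization. The class and method names, the placeholder VINs, user ids and trip record are all constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    user_id: str
    nickname: str
    vins: set = field(default_factory=set)  # vehicles on which this account is primary user


@dataclass
class Trip:
    vin: str
    start_ts: int          # unix time
    duration_min: int
    avg_speed_kmh: float
    max_speed_kmh: float


class Forbidden(Exception):
    """Raised when the caller is not entitled to the requested object."""


class HypotheticalVehicleApi:
    """Toy backend with a per-VIN trip endpoint, built for this example."""

    def __init__(self, users, trips):
        self.users = {u.user_id: u for u in users}
        self.trips = list(trips)

    def trips_vulnerable(self, caller_id: str, vin: str):
        # Broken access control: the caller is authenticated (caller_id is
        # known) but the VIN is never checked against the caller's vehicles,
        # so any VIN in the database can be queried.
        if caller_id not in self.users:
            raise Forbidden("not authenticated")
        return [t for t in self.trips if t.vin == vin]

    def trips_fixed(self, caller_id: str, vin: str):
        # Object-level authorization: the VIN must belong to the caller.
        caller = self.users.get(caller_id)
        if caller is None or vin not in caller.vins:
            # Same error for "no such VIN" and "not your VIN", so the response
            # does not reveal whether a VIN is registered at all.
            raise Forbidden("vehicle not available to this account")
        return [t for t in self.trips if t.vin == vin]


# Constructed sample data (placeholder VINs and user ids, not real values).
OWNER = User("user-owner", "owner_nick", {"VINPLACEHOLDER00001"})
OTHER = User("user-other", "other_nick", set())
TRIPS = [Trip("VINPLACEHOLDER00001", 1700000000, 42, 61.5, 128.0)]


def demo_api() -> HypotheticalVehicleApi:
    return HypotheticalVehicleApi([OWNER, OTHER], TRIPS)


def access_denied(api: HypotheticalVehicleApi, caller_id: str, vin: str) -> bool:
    """True if the corrected endpoint refuses the request."""
    try:
        api.trips_fixed(caller_id, vin)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    api = demo_api()
    print("vulnerable, other user:", api.trips_vulnerable("user-other", "VINPLACEHOLDER00001"))
    print("fixed, other user denied:", access_denied(api, "user-other", "VINPLACEHOLDER00001"))
    print("fixed, owner:", api.trips_fixed("user-owner", "VINPLACEHOLDER00001"))
```

The important design choice is that the ownership check is keyed on the authenticated principal, not on any value the client supplies, and that an unauthorized VIN and an unknown VIN produce the same response; otherwise the endpoint still answers the question "is this VIN registered?" for any guessable VIN.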

Exploitation scenario and impact

A remote attacker can reveal Škoda vehicle users’ data, including usernames and information about their recent trips, by issuing certain requests to Škoda backend API endpoints.

[Figure: Retrieving usernames of users registered as owners of the vehicle by VIN number]

[Figure: Retrieving trip data of the Škoda vehicle by VIN number]

SECURITY FIXES AND RECOMMENDATIONS

The backend-related issues are fixed.

PCAutomotive does not possess any information regarding fixing other identified issues.


Credits

  • Abdellah Benotsmane, Security Researcher
  • Aleksei Stennikov, Automotive Hardware Security Expert
  • Anna Breeva, Security Researcher
  • Artem Ivachev, Senior Security Researcher
  • Danila Parnishchev, Head of Security Assessment
  • Mikhail Evdokimov, Senior Security Researcher
  • Polina Smirnova, Senior Security Researcher