Headline
CVE-2023-6073: CVE-2023-6073: DoS and Control of Volume Settings for VW ID.3 ICAS3 IVI ECU - Automotive Security Research Group
Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls.
Vulnerabilities in Volkswagen in-vehicle infotainment systems
Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls.
Demo Video Volume Manipulation
Demo Video IVI DoS
CVE Record: https://nvd.nist.gov/vuln/detail/CVE-2023-6073
Discovered by Hannah Wieser, Jannis Hamborg, Timm Lauser, Thomas Schäfer, Christoph Krauß at the DEPARTMENT OF COMPUTER SCIENCE at h_da Hochschule Darmstadt.