Porsche Panic in Russia as Pricey Status Symbols Forget How to Car

by
jelizondo
from SoylentNews on (#72433)

janrinok writes:

https://www.theregister.com/2025/12/09/porsche_bricked_russia/

Hundreds of Porsches in Russia were rendered immobile last week, raising speculation of a hack, but the German carmaker tells The Register that its vehicles are secure.

According to reports, local dealership chain Rolf traced the problem to a loss of satellite connectivity to their Vehicle Tracking Systems (VTS). This meant the systems thought a theft attempt was in progress, triggering the vehicle's engine immobilizer.

Porsche HQ was unable to help or diagnose the nature of the problem. It's understood that systems like VTS are operated by local Porsche subsidiaries or dealer networks.

But following Russia's invasion of Ukraine and the imposition of sanctions, Porsche no longer exports to the country or provides after-sales service.

In a statement to The Register, a Porsche spokesperson said no other markets were affected by the issue.

"The cybersecurity of our vehicles is a central concern for Porsche," the spokesperson told us. "Protection against cybersecurity attacks is ensured by comprehensive security processes and technical measures over the entire life cycle of our vehicles. The measures include, among other things, secure software updates, protected communication channels, and regular security tests for the early detection of suspicious activity," they added.

Resourceful Russian owners have reportedly resorted to workarounds to overcome the problem, including disabling or rebooting the VTS, or removing it entirely.

Others have claimed that disconnecting their car's batteries for ten hours does the trick. These have worked in some but not all cases, apparently.

The issue sparked speculation of a cyberattack, but security and privacy experts we spoke with were dubious.

Cian Heasley, principal consultant at Acumen Cyber, said the wave of shutdowns could be well within the capabilities of a hacktivist group, but said there had been no chatter indicating this was the case.

"If this were a coordinated cyberattack, I would have expected one of the larger pro-Ukraine groups to have claimed this attack by now and posted some sort of evidence, similar to what we saw when Russian airline Aeroflot was attacked in July of this year."

Rik Ferguson, VP Security Intelligence at Forescout, said: "Modern immobilizers don't react only to what happens around the vehicle, they depend on a constant 'trust heartbeat' signal from cloud or satellite backends. From the outside, a deliberate hack and an intentional backend shutdown can look almost identical: the tracking service disappears, the car interprets that as theft, and the immobilizer kicks in."

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments