**Porsche Outage in Russia Serves as a Stark Reminder of Connected Vehicle Security Risks**

The recent malfunction of Porsche's factory-installed satellite security system has left hundreds of car owners in Russia facing a worrying situation. The sudden engine shutdowns and fuel-delivery blocks have raised concerns about the fragility of connected vehicle security systems.

According to reports from dealerships, drivers in several Russian cities have experienced engine shutdowns and fuel delivery blocks after their cars lost satellite alarm-module connectivity. The problem appears to be caused by the Vehicle Tracking System (VTS), an onboard module that is designed to provide real-time location tracking and security monitoring.

The incident has highlighted the risks associated with connected vehicle security systems, which can become a single point of failure when they malfunction. In this case, the VTS system was able to immobilize hundreds of Porsche cars, demonstrating how deeply digital controls now influence physical safety and mobility.

While there is no evidence to suggest that the malfunction was deliberate, the situation underscores the potential risks associated with these systems. A coordinated compromise of remote immobilization features could disrupt fleets at scale, create public-safety hazards, and be leveraged for coercion or geopolitical pressure.

The incident has also raised questions about the security-critical components in modern vehicles. The episode serves as a wake-up call for the automotive industry to ensure that security-critical components are resilient, fail-safe, and designed with the assumption that remote systems may fail – or be targeted.

Rolf, a dealership group in Russia, reported a surge in service requests starting on November 28, with car owners seeking assistance to resolve the issue. According to Rolf's Service Director, Yulia Trushkova, "Currently, there is no connection for all models and types of internal combustion engines (ICEs). Any vehicle can be blocked. Currently, the blocking can be bypassed by resetting the factory alarm unit and disassembling it."

Some Porsche owners in Russia managed to restore their cars by disabling or rebooting the VTS system, while others succeeded after disconnecting the battery for hours. However, the situation remains concerning, and experts are still investigating the cause of the malfunction.

Porsche's global offices have not yet commented on the incident. The company suspended sales and operations in Russia after the 2022 invasion of Ukraine but still owns three local subsidiaries that it has been unable to sell.

The Porsche outage in Russia is a stark reminder of the risks associated with connected vehicle security systems. As the automotive industry continues to integrate more digital controls into vehicles, it is essential to prioritize robust incident response, clear communication, and transparency about root causes to maintain trust when technology can literally stop a vehicle on the road.

**Follow me on Twitter: @securityaffairs and Facebook and Mastodon for the latest news and analysis on connected vehicle security risks.**