Owners of hundreds of Porsche cars in Russia cannot drive their vehicles after a significant failure in the factory-installed satellite security system.
This issue began on November 28, 2025. It affected all internal combustion engine (ICE) models in the Rolf dealership network, Russia’s biggest Porsche service provider.
Technical Breakdown Of The Alarm System Failure
The problem locks the car’s alarm unit, which stops the engine from starting. This unit uses the Porsche Communication Management (PCM) platform for satellite tracking and remote control.
PCM connects via Globalstar or Iridium satellites for GPS location, geofencing, and theft alerts.
It relies on over-the-air (OTA) updates sent through cellular networks (LTE/5G) to firmware in the Engine Control Unit (ECU) and Body Control Module (BCM).
When the failure hit, satellite links dropped, triggering an immobilizer sequence.
The alarm sends a CAN (Controller Area Network) signal (operating at 500 kbps) to turn off the fuel injection and ignition coils.
Owners see a dashboard error like “Alarm Active – No Satellite Link.” Fixes require towing to service centers, where techs remove the alarm module, short the reset pins (typically GPIO pins 4-7), and reprogram via the OBD-II port using the Porsche PIWIS diagnostic tool.
This manual bypass works temporarily but risks recurrence if OTA servers push bad firmware.
Rolf Service Director Yulia Trushkova told RBC: “No connection for all ICE models. Any car can lock. We’re testing unlock methods.”
Cybersecurity Risks and Broader Implications
Experts suspect a centralized backend glitch or remote command from Porsche’s Stuttgart servers.
OTA vulnerabilities could allow attackers to spoof satellite pings using SDR (software-defined radio) tools, injecting malformed firmware packets.
Indicators of compromise (IoCs) include unusual UDP traffic on ports 12345 (Porsche OTA) or CAN IDs 0x7E0-0x7E8 with invalid checksums.
No electric models like the Taycan are affected, pointing to ICE-specific telematics stacks. Parallels exist to the 2015 Jeep hack via Uconnect or Tesla’s 2024 OTA flaws.
Geopolitical angles emerge: Russia imported 1,200+ Porsches in 2024 despite sanctions, raising kill-switch fears amid tensions (see also the related WRTHUG router attacks).
Kaspersky monitors for malware such as CAN-injection variants. Porsche Russia referred queries to HQ; no statement yet.
Resets restore the cars, but owners should disable OTA and check firmware versions (e.g., PCM 6.0+ is vulnerable).
This exposes connected car risks: luxury features as cyber weak points. Global owners, review your subscriptions.





