I don't know if this is the best place to put this thread. If this is not the right spot, kindly let me know where to move it (and how).

https://www.computest.nl/wp-content/uploads/2018/04/connected-car-rapport.pdf

As of 12 April 2018, VW has confirmed that there is a vulnerability involving the MIB for Golf GTE and Audi A3. The link to the document is above (scroll down to the last page).

Kindly check with VW/Audi and see if MIB has been patched.

Hope this helps.