Hackers find a way to disable your cars airbag system

0
Hackers find a way to disable your cars airbag system

Hackers Find A Way To Disable Airbag Systems in automobiles

Car Hacking is one of the most talked about subjects today. Rightly so, given the risks attached to hacked car. As we jump into the future, more and more manufacturers are offering smart cars which will run on drive-by-wire system and connected to the Internet. While this means better and more sophisticated cars for the car buyers, but it also means that hackers have the chance of hacking and controlling the car especially when majority of car’s functions are electronically controlled, from instrument cluster to steering, brakes, and accelerator.
Previously researchers demonstrated how hackers can remotely hijack your car to control its steering, brakes and transmission.  Hackers have once again shown just how vulnerable the computer systems in present day vehicles are, adding concern to how safe the self driving cars of the not too distant future will be.
Researchers Levente Buttyán and András Szijj of CrySyS Lab, and Zsolt Szalay of Budapest University of Technology and Economics have shown how easily one could disable the all important safety feature in cars, the airbags. Using a zero day vulnerability in software popular with car mechanics, the researchers were able to disable the airbag systems in cars being by Volkswagen.

The attacks, which were demonstrated to the media using an Audi TT car sold by Volkswagen. However the researchers said any car airbag could be similarly hacked.  This is because the vulnerability doesn’t exist in VW itself and relates solely to third-party software widely used and compatible with cars sold by the Volkswagen as well as other companies.

The exploit requires hackers to first compromise a mechanic’s diagnostic computer externally, or plug in a malicious USB device. The hack allows intruders to conceal the disabling of airbags from mechanics by falsifying diagnostic read outs from the car.

Buttyán says the most recent example of a more dangerous compromise was the recent dramatic remote hacking of Jeep engines which were disabled at high speed, had their brake operating systems seized, and locks popped.

He says the third-party software used in the hack his team demonstrated is widely-used and compatible with cars sold by the Volkswagen Group.

“It works with other cars in the VW group too without any modification. Anything that can be switched on or off from the diagnostic application could have been switched on or off. After switching off the airbag, we can consistently report to the application that it is still switched on.”

Buttyán says the flaw “has nothing to do with VW itself” but is contained in “third-party software”.

“It is not the specific software which makes our work interesting, but the main message that embedded devices are typically managed from PCs and they can be infected and used as stepping stones.” says Buttyán.

LEAVE A REPLY

Please enter your comment!
Please enter your name here