First it was smartphones, then smart devices, then homes and now cars, the hacking industry just continues to expand each and every day technology continues to progress. In today’s day and age, many automotive dealers are pushing to run their vehicles off of the drive-by-wire system, a system where a majority of the car’s internals are being controlled electronically, everything from the steering to brakes and even the accelerator.
There is no doubt automatically controlled driving cars can not only make the road safer but be an overall better experience, however, they also put consumers at a huge risk of being hacked.
In past proof-of-concept demo’s, security researchers modeled how they were able to remotely hack into a car and control the cars internals, including the steering, brakes and even had the ability to cut the transmission. They were able to hack into a Jeep on the highway, cutting the drivers acceleration, brakes and eventually drove him into a ditch.
And now, a team of security researchers have demonstrated that it is possible to remotely cut a car’s airbags, disabling them alongside a swath of other vital functions. Researchers were able to disable the car’s airbags through a zero-day vulnerability in a third-party software commonly used by car mechanics.
The team, consisting of András Szijj and Levente Buttyán of CrySyS Lab, and Zsolt Szalay of Budapest University, demonstrated the exploit, hacking an Audi TT car produced by Volkswagen, however researchers disclosed that any car manufacturer could potentially be at risk.
The vulnerability doesn’t lie within VW itself, but instead is the sole issue of a third-party software vendor that is compatible with a majority of vehicles sold by Volkswagen among other automotive companies.
However, for hackers to disable a cars airbags, it’s not so simple as it relies on hijacking a computer that the software runs on or hacking the car itself. These methods could be executed by:
- Compromising a mechanics computer
- Having a maliciously crafted USB plugged into the vehicle
If an attacker doesn’t have one of the two options available, there is little to no chance of exploiting this vulnerability and disabling a vehicles airbags.
The attack replaces the FTDI DLL – which is used to communicate with the vehicles diagnostic cables – with a malicious version, which according to the security trio, is the easiest known way of hacking any smart enabled car.
Once infected, the hacker has full control over the car’s diagnostic system, allowing them to tinker with switches, turn ON and OFF settings, all without the drivers knowledge.
“Anything that can be switched on or off from the diagnostic application could have been switched on or off,” Buttyán said speaking to the Register. “After switching off the airbag, we can consistently report to the application that it is still switched on.”
Researchers said the difficulty of reverse engineering the software protocols to make the attack effective was extremely difficult, but is completely feasible for any skilled hacker.
But wait, we’re not done here, it gets even worse. Hackers could have the potential ability to update the car’s embedded control unit firmware via the OBD2 port, which could allow malicious hackers to inject backdoors and begin to hack the car remotely at a later date.
The trio said their research is based off a proof-of-concept research paper published in 2011 by Stephen Checkoway, titled “Comprehensive Experimental Analyses of Automotive Attack Surfaces [PDF],” where it describes the possibility of infecting connected cars via the diagnostic equipment cars are hooked up to.
Slides describing the recent discovery of hacking a car’s airbags can be found here [PDF].