A leading security company claims data can be sent to a car through Digital Audio Broadcasting (DAB) radio signals, which then mines its way into the car’s computer system and gives the hackers remote access to its key systems, including braking and steering.
NCC Group revealed the exploit on the same day that two US researchers were reported to have taken remote control of a Jeep Cherokee (with the driver’s permission) and applied the brakes without having any previous physical contact with the vehicle. Chrysler has released a software update to address the problem.
Manchester-based NCC Group revealed its findings to the BBC, and explained how it had carried out the hack using relatively cheap, off-the-shelf components connected to a laptop.
Researcher Andy Davis created a DAB station, which a car would be able to connect to through its radio; because DAB stations can send text and pictures to a car’s dashboard screen, an attacker can bundle malicious code with these to gain control of the system.
Taking control of the steering and brakes
Once the attacker has compromised the dashboard and entertainment system, Mr Davis claimed they could then work their way into the car’s critical systems, such as steering and braking.
A more powerful transmitter could let attacks target several vehicles at once, the researcher claims. He also described how attackers could broadcast over the top of existing stations to target as many vehicles as possible.
According to him, “As this is a broadcast medium, if you had a vulnerability within a certain infotainment system in a certain manufacturer’s vehicle, by sending one stream of data, you could attack many cars simultaneously. [The attacker] would probably choose a common radio station to broadcast over the top to make sure they reached the maximum number of target vehicles.”
Modern cars are targets
Modern cars are increasingly becoming targets for cyber attacks due to their expanding roster of autonomous features.
Automatic parking is an option in a number of mid-range cars and gives the vehicle’s computer control of the steering, while automatic braking to avoid low-speed accidents in traffic is also fitted to many others, even at the lower end of the market; cruise control can be used to adjust a car’s speed without a physical connection between the driver and the engine.
If all three systems are compromised on an automatic car (wherein the driver cannot press the clutch pedal to stop the engine engaging the gears), then hackers can potentially gain full control of the vehicle.
“If some persons were able to compromise the infotainment system because of the architecture of its vehicle network, they would in some cases be able to disable the automatic braking functionality.”
He admitted that the hack would take “a lot of time, skill and money” but warned that this “isn’t to say that there aren’t large organisations interested in it.”
View the original content and more from this author here: http://ift.tt/1LMLV2F
from hacker samurai http://ift.tt/1LMLOUO
via IFTTT
No comments:
Post a Comment