Car brakes and other critical systems can be hacked via car infotainment systems, security researchers at NCC Group have revealed.
The ingenious hack, demonstrated in an off-road environment, works by sending attack data via digital audio broadcasting (DAB) radio signals.
This is similar to a hack that allowed security researchers Chris Valasek and Charlie Miller to take control of a Jeep Cherokee after sending data to its entertainment and navigation systems via a mobile phone, as previously reported.
Car owners are strongly advised to apply a patch developed by Chrysler to guard against attacks that facilitate remote control of a car's engine, brakes and more from distance, simply by knowing the car's public IP address.
NCC's work shows that even cars whose systems are not connected to mobile networks might be vulnerable. The hack was demonstrated to BBC Radio 4's PM programme.
Andy Davis, NCC's research director, explained that an attack rig could be put together using cheap components connected to a laptop. The infotainment system of a targeted car, once compromised, could be used as a stepping stone to attack more critical systems, including steering and braking. Depending on power, a DAB broadcast could be used to attack multiple cars.
“If you had a vulnerability within a certain infotainment system in a certain manufacturer's vehicle, by sending one stream of data you could attack many cars simultaneously," he told the BBC, adding that attack data could be steganographically implanted within an audio or music stream. "[An attacker] would probably choose a common radio station to broadcast over the top of to make sure they reached the maximum number of target vehicles."
The approach has only been attempted in the lab. Davis has previously hacked into a real vehicle's automatic braking system through manipulating its infotainment system. A similar approach could be replicated through a DAB broadcast, he suggested.
NCC is not saying what infotainment system it hacked or giving details of its attack, which it plans to outline at greater length at the upcoming Black Hat conference in Las Vegas next month. Valasek and Miller also plan to outline their work at Black Hat in a presentation billed as Remote Exploitation of an Unaltered Passenger Vehicle, which is likely to be the hottest ticket in Vegas in a couple of weeks' time.
Jeremiah Grossman, founder and CTO of WhiteHat Security, said that both hacks underlined the point that cars were becoming computers on wheels, which need better protection than we currently offer PCs.
“We protect our PCs and servers from being hacked using special configuration settings, security software, and ‘best-practice' behaviours,” Grossman explained. “The overall effectiveness of all this ’security’ is, at best, so-so... but fortunately no-one dies when a system gets hacked.”
"With car hacking, and cars being little more than rolling computers nowadays, are we expected to install security software, etc there too? Or, are manufacturers responsible for protecting their car's occupants against a digital adversary? An interesting fork in the digital road. In the future, all cars are equidistant to the attacker, as will be the electricity meter on your home,” he added. ®