Researchers Use Digital Radio Broadcasts To Breach Infotainment Systems, Hijack Vehicle Primary Controls

Is there anything scarier than the thought of a hacker remotely taking control of your vehicle's steering and braking functions as you barrel down the highway? Well sure, being eaten alive by flesh eating zombies like an episode of The Walking Dead would cause most people to soil their undergarments, but losing control of your vehicle certainly ranks right up there. And unlike the zombie scenario, these remote vehicle hacks are really happening.

The newest threat is an exploit that exists in car infotainment systems that could allow an attacker to take complete control of a vehicle's brakes and other functions. It was discovered by NCC Group, a U.K.-based firm that demonstrated part of its scary technique to BBC Radio 4.

Car Infotainment

What's even more disturbing about the hack is that it can be done using fairly inexpensive and widely available parts, which are then connected to a laptop to create a digital audio broadcasting (DAB) system. Why DAB? Infotainment systems use DAB data to display text and pictures on car dashboard displays, giving attackers a point of entry.

According to NCC research director Andy Davis, it would also be possible to take control of several vehicles at once, depending on the strength of the transmitter.

"As this is a broadcast medium, if you had a vulnerability within a certain infotainment system in a certain manufacturer's vehicle, by sending one stream of data, you could attack many cars simultaneously," Davis said.

This is the world we live in, folks. NCC's proof-of-concept isn't the only one -- earlier this month, security researchers demonstrated a hack that allowed them to seize control of a Jeep Cherokee using a UConnect vulnerability. The researchers were able to blare the radio, blast the AC, turn on the windshield wipers, cut the transmission, disable the brakes, and more. Ultimately the Jeep ended up in a ditch.

Via:  BBC
Show comments blog comments powered by Disqus