Hacks of the IT used to run cars have been a story for years—but a new approach using simple radio waves should, well, make waves for automakers.
NCC Group says that it has developed an exploit that infiltrates a car’s “infotainment” system via everyday digital audio broadcasting (DAB) radio signals. A remote attacker from there could take control of various critical control systems—including the brakes, and the steering. And yes, that’s terrifying.
NCC research director Andy Davis explained to the BBC that network sequestration is the issue here—taking over the fun and colorful (did we/should we say “distracting?”) radio display in the dash is one thing—but once a hacker is in, he or she or they can simply pivot to gain control of critical systems, including steering and braking.
Worse, the security firm said that it was able to transmit the malignant DAB signal using a laptop and a box made from cheap, easily accessible parts—no specialized equipment required. And, the bigger the signal booster, the larger the affective radius. In other words, it’s called “broadcast” for a reason, and in theory, the signal could be sent to many cars at once.
"As this is a broadcast medium, if you had a vulnerability within a certain infotainment system in a certain manufacturer's vehicle, by sending one stream of data, you could attack many cars simultaneously," he said. "[An attacker] would probably choose a common radio station to broadcast over the top of to make sure they reached the maximum number of target vehicles."
All together now: “Aiiiiiggggggggggghhhhhhhhh!!! Aiiiggghhhhhhhhhhhhhh!!!!!”
OK, now that we have that out of our system…it’s important to remember that clearly, it would take some doing to actually execute this kind of attack. The car couldn’t be moving very fast, for one, unless the attackers had a whole radio station tower to use to transmit the malicious airwaves.
Davis didn’t say which cars featured the flaw. According to the BBC, which first reported the story, the UK's Society of Motor Manufacturers and Traders has responded by saying that car companies "invest billions of pounds to keep vehicles secure as possible.”
Does that sound a little defensive to you? Me too.
But, one could get around that by using the mobile phone network. Chris Valasek, director of vehicle security research at IOActive, and Charlie Miller, the renowned white hat and Twitter researcher that has made mobile hacks a specialty, have done just that, and are prepping a similar exploit to show off at Black Hat 2015 in August.
They were able to remotely take control of a Jeep Cherokee's air-conditioning system, radio and windshield wipers, using the mobile phone network and the car’s internal 4G connection. They demonstrated this to an unaware journalist at 70 MPH as well. And even uploaded a picture of themselves to the affected car’s dash display, just to ratchet up the poor guy’s terror.
Using the mobile network improves reach, but requires specialized know-how and equipment, unlike the NCC hack. "We took over the infotainment system and from there reprogrammed certain pieces of the vehicle so we could send control commands," Valasek said. "It takes a lot of time skill and money. That isn't to say that there aren't large organizations interested in it."
But someday—won’t someone be able to achieve BOTH ease-of-exploit and effectiveness?