Warning! Hackers can seize your car through digital radio
While more and more car manufacturers install digital radio players in their models, researchers in the UK and the US have proven that they can be hacked to seize control of a car.
Manchester-based NCC Group told the BBC’s PM show it found a way in lab tests to carry out attacks by sending data via digital audio broadcasting (DAB) radio signals using a laptop and a box made from easy-to-get parts.
A vehicle’s infotainment system processes DAB data to display text and pictures on its dashboard screen. NCC Group’s Director of Research, Andy Davis, explained that an attacker could send code that would let them take over the system. Once the infotainment system was affected, the attacker could then use it to control steering, brakes and locks or kill the engine.
If the transmitter was powerful enough, the attack could hit many cars at the same time, he warned.
In America, two security researchers Chris Valasek and Charlie Miller demonstrated to Wired magazine how to seize a Jeep Cherokee's infotainment system via a mobile-phone network and reprogram it to send control commands to its radio, climate control, brakes, steering and windshield wipers. All this while a Wired journalist was driving the vehicle.
Meanwhile the two were sitting 10 miles away on his couch. They sent him visuals of them hacking his vehicle through its digital display. The writer admitted he panicked when they cut the engine while he driving up a hill.
Valasek, Director of Vehicle Security Research at Seattle’s IOActive, added, this was not something that could be used by most criminals. "It takes a lot of time skill and money," he said. "That isn't to say that there aren't large organisations interested in it."
Chrysler has released a manually implemented patch to protect its software.
Hours after the Wired story went online, two politicians started a bill to protect internet-connected cars from being hacked. Car manufacturers had not provided this protection, they charged.