Car systems can be hacked, warns NCC Group
Some car infotainment systems are vulnerable to a hack attack that could put lives at risk. The vulnerability was exposed by NCC Group after it found a way to carry out attacks by sending data using digital audio broadcasting (DAB) radio signals.
It follows the news of a similar flaw discovered by US researchers who took control of a Jeep Cherokee by sending data to its internet-connected entertainment and navigation system via a mobile-phone network.
Using relatively cheap off-the-shelf components connected to a laptop, NCC Group created a DAB station.
Attackers are able to send a code that would let them take over the infotainment system and potentially use it as a way to control more critical systems including steering and braking.
NCC Group’s research director, Andy Davis, told the BBC a hacker’s DAB broadcast could affect many cars at once, depending on the power of the transmitter.
Davis said: “[An attacker] would probably choose a common radio station to broadcast over the top of to make sure they reached the maximum number of target vehicles.”
NCC Group declined to publicly identify which specific infotainment systems they had hacked whilst in a lab environment.
A security expert stated that both hacks underlined the point that cars were becoming computers on wheels, which need better protection than we currently offer PCs.
Grossman said: “We protect our PCs and servers from being hacked using special configuration settings, security software, and ‘best-practice’ behaviours.
“With car hacking, and cars being little more than rolling computers nowadays, are we expected to install security software, etc. there too?
Or, are manufacturers responsible for protecting their cars’ occupants against a digital adversary?”