Car entertainment systems vulnerable to cyber attack

If your car has an on-board computer or entertainment system then you’ll want to read this…
Leading information security organisation NCC Group has found out how to hack into car entertainment systems to take control of vehicles’ brakes, steering and other critical systems.

car

These systems can be hacked by anyone who can find the car’s IP address – yes, many modern cars have an IP address – which puts the attacker in a position to subvert the entertainment system and thereby hijack the vehicle.

This isn’t just a theory, either: Chris Valasek and Charlie Miller performed a real-life hack on a Jeep Cherokee to demonstrate the issue to Wired magazine. If you own one of these vehicles, you probably want to download this patch that Chrysler released to address the problem.

And this doesn’t even need to be a sophisticated operation. NCC’s method used cheap, off-the-shelf components, connected to a laptop to create a DAB station with which to contact the vehicle and gain access to systems. Worryingly, the good people at NCC believe that potential attackers could actually attack multiple targets at the same time.

Andy Davis, NCC’s research director commented:

“As this is a broadcast medium, if you had a vulnerability within a certain infotainment system in a certain manufacturer’s vehicle, by sending one stream of data, you could attack many cars simultaneously.

“[An attacker] would probably choose a common radio station to broadcast over the top of to make sure they reached the maximum number of target vehicles.”

While car manufacturers spend billions to ensure our cars are safe, there is no getting away from the fact that modern cars are reliant upon multiple computers working together and processing millions of lines of code at the same time. For as long as this is the case, criminal hackers are going to want to find a way in.