Hackers Could Disable Car Airbags – Report

Software, rather than the cars, is the weak link, say researchers

HACKERS could disable airbags in cars by compromising software used by mechanics when they are working on vehicles, security researchers say.

An attack was demonstrated on an Audi TT showing how the computer used by mechanics to take read-outs can be compromised.

The software flaw allows hackers to disable airbags and other car functions – without the mechanic working on the car knowing.

Researchers from CrySyS Lab and Budapest University say the unnamed third-party software popular with mechanics could be the weak link in the security chain, regardless of how advanced a car is.

CrySyS’ Levente Buttyan said: “Anything that can be switched on or off from the diagnostic application could have been switched on or off.

“After switching off the airbag, we can consistently report to the application that it is still switched on.”

While the attack was demonstrated on an Audi, he said the flaw has nothing to do with the car model itself, but rather the third-party software.

But Mr Buttyan added: “It is not the specific software which makes our work interesting, but the main message that embedded devices are typically managed from PCs and they can be infected (and used) as stepping stones.

“This could be a nightmare in the future.

“Imagine that you manage all your smart devices in your home, office, or factory from your PC.

“Once dozens of embedded devices are successfully infected, the malware can even disappear deliberately from the PC, so all those embedded devices remain infected and you may never detect (the attack).” SkyNews.com