Car hacked via digital-radio

A leading security company has said that it has identified several in-car computers as being vulnerable to a cyberattack that could potentially put lives at risk.

NCC Group said the exploit could be used to seize control of a vehicle’s brakes and other critical systems.

The Manchester-based company told the BBC it had found a way to carry out the attacks by sending data via digital audio broadcasting (DAB) radio signals. This comes after the news that two US researchers were able to control a car remotely.

Security researchers Chris Valasek and Charlie Miller showed that they could take control of a Jeep Cherokee by sending data to its internet-connected entertainment and navigation system via a mobile-phone network.

Chrysler has released a patch to address the problem, however users must update cars for themselves.

NCC demonstrated its technique to BBC Radio 4’s PM programme at its offices in Cheltenham. By using relatively cheap off-the-shelf components connected to a laptop, the company’s research director, Andy Davis, created a DAB station. As infotainment systems process DAB data to display text and pictures on car dashboard screens, he said, an attacker could send code that would let them take over the system.

Once an infotainment system had been compromised, he said, an attacker could use it as a way to control more critical systems, including steering and breaking. Depending on the power of the transmitter, a DAB broadcast could allow attackers to affect many cars at once.

‘As this is a broadcast medium, if you had a vulnerability within a certain infotainment system in a certain manufacturer’s vehicle, by sending one stream of data, you could attack many cars simultaneously,’ he said.

‘[An attacker] would probably choose a common radio station to broadcast over the top of to make sure they reached the maximum number of target vehicles.’

Mr Davis declined to publicly identify which specific infotainment systems he had hacked.