Car’s Safety Bags Unsafe As Hackers Find A Way To Disable Them As Well
Hacking has branched out to quite a large number of categories, with drivers being the primary target as hackers have found a way to disable the safety bags of vehicles.
Vehicles That Can Have Their Safety Bags Disabled Are Usually Those Whose Functions Are Electronically Controlled
According to a source, automobile manufacturers are providing consumers with vehicles that run on a drive-by-wire system. In other words, majority of the car's functions are electronically controlled. This will range from steering, brakes, accelerator and of course safety bags. While this makes it extremely easy for drivers to control their vehicles, it also opens up a lot of doors for malicious hackers to carry out their malevolent acts.
According to a group of security researchers, adept hackers are effortlessly able to disable a car's safety bags, along with other functions. They are able to carry out this act by exploiting a zero-day vulnerability in third-party software that is commonly used by car mechanics. The group of researchers included András Szijj and Levente Buttyán hailing from CrySyS Lab, along with Zsolt Szalay of Budapest University. The group had demonstrated the hack on an Audi TT that was sold by Volkswagen. According to the individuals, any car that uses an electronic system is potentially unsafe for drivers since they can be hacked without putting in too much effort.
So how exactly does it work? Well, it is fairly more complicated than it actually seems. Starting off, several mechanics that use software in order to run diagnostics of a vehicle must have the security of the computer comprised. Additionally, a malicious USB needs to be plugged into the vehicle, which should not be a very big problem since majority of drivers plug in flash drives in order to listen to music while driving.
Coming to the more technical terms, the attack replaces the FTDI DLL and once infected, the hacker can easily take control of the car's diagnostic system, and can switch off the functions of the vehicle without the driver’s knowledge. The security team has stated the following concerning the nature of the attack.
“Anything that can be switched on or off from the diagnostic application could have been switched on or off. After switching off the airbag, we can consistently report to the application that it is still switched on.”
The biggest thing to worry about is that researchers found it difficult in reverse engineering the software and protocols that were used to make the attack work in the first place, meaning that once that attack has taken place, it could be very difficult for the vehicles’ safety protocol to bring the safety bag functions online once more.
This knowledge will most definitely be available to automobile manufacturers, and will most likely be looking for ways to counter these effects.