Vehicle Hack Uses Digital-Radio Broadcasts to Seize Control

NCC has identified a system that can be used to hack car brakes and system. NCC Group said the exploit could be used to seize control of a vehicle's brakes and other critical systems. The Manchester-based company told the BBC it had found a way to carry out the attacks by sending data via digital audio broadcasting (DAB) radio signals. It coincides with news of a similar flaw discovered by two US researchers.

Chris Valasek and Charlie Miller showed Wired magazine that they could take control of a Jeep Cherokee car by sending data to its internet-connected entertainment and navigation system via a mobile-phone network. Chrysler has released a patch to address the problem.

NCC demonstrated its technique to BBC Radio 4's PM programme at its offices in Cheltenham. By using relatively cheap off-the-shelf components connected to a laptop, the company's research director, Andy Davis, created a DAB station. Because infotainment systems processed DAB data to display text and pictures on car dashboard screens, he said, an attacker could send code that would let them take over the system.

Once an infotainment system had been compromised, he said, an attacker could use it as a way to control more critical systems, including steering and breaking. Depending on the power of the transmitter, he said, a DAB broadcast could allow attackers to affect many cars at once. "As this is a broadcast medium, if you had a vulnerability within a certain infotainment system in a certain manufacturer's vehicle, by sending one stream of data, you could attack many cars simultaneously," he said.