As if Volkswagen didn’t have enough to worry about with the emissions scandal, European security researchers have demonstrated a proof-of-concept exploit that can allow an attacker to covertly disable airbags (and other systems) in the German manufacturer’s autos. Unlike the more dramatic wireless hacking demonstration of Jeep vehicles that caused a massive recall, this particular exploit requires actual contact with the car, either via a compromised laptop or malicious USB device connected to the vehicle’s diagnostics port. To demonstrate the hair-raising potential of this exploit, the hackers were able completely disable the airbag, but have the onboard software continue to report the system as functioning properly. For now, the hackers limited their hacking to this proof-of-concept, but they believe that with further testing and research someone could develop malicious code capable of executing more serious system disruptions while the vehicle was in motion, and perhaps long after the infecting device was removed.
What this means for you:
We are rapidly approaching a future where most of the devices upon which we rely will have embedded computers. Here’s a short list of items that already appear in homes and have this capability right now:
- Burglar alarms
- Surveillance systems
- Major appliances (refrigerators, ovens, washing machines)
- Door locks
- Lighting systems
- Electrical meters
- Gas meters
- Fire and life-safety systems
As the researchers of the Volkswagen were quick to point out, the problem wasn’t with Volkswagen’s engineering, but a weakness in a third-party diagnostic system, an easily compromised laptop – mechanic’s don’t have special devices, they use the same gear we use – and our willingness to plug things into our devices without specialized knowledge or assurances of security and safety. Many of the items listed above are easily accessible by visitors, repairmen and sometimes complete strangers, and even though the infecting agent may be completely unaware the device they are connecting to your devices is compromised, the damage is already done once it gets plugged in. Once again, the weakest link is the human, either us or some hapless mechanic. It’s important to be aware of all the systems with which you surround yourself, as well as who is servicing them, and whether they themselves are taking the necessary precautions to stay safe.