BBC: Cars Can Potentially Be Hacked via DAB

Several car infotainment systems are vulnerable to attacks
Publish date:

An interesting article was published online by BBC news today, entitled �Car hack uses digital-radio broadcasts to seize control.�� I�m a little surprised because I would think the premise would be tested and considered more logically before an article with such a provocative title would be published.�

Let�s parse just what is said in this article.�Bold font is mine (for emphasis).

�Several car infotainment systems are vulnerable to a hack attack that could potentially put lives at risk, a leading security company has said.

�NCC Group said the exploit could be used to seize control of a vehicle's brakes and other critical systems.

�The Manchester-based company told the BBC it had found a way to carry out the attacks by sending data via digital audio broadcasting (DAB) radio signals.

�NCC Group was able to transmit the DAB signal using a laptop and a box made from easy-to-source parts.

�NCC demonstrated its technique to BBC Radio 4's PM program at its offices in Cheltenham. �By using relatively cheap off-the-shelf components connected to a laptop, the company's research director, Andy Davis, created a DAB station.

�Because infotainment systems processed DAB data to display text and pictures on car dashboard screens, he said, an attacker could send code that would let them take over the system.

�Once an infotainment system had been compromised, he said, an attacker could use it as a way to control more critical systems, including steering and braking.�

Depending on the power of the transmitter, he said, a DAB broadcast could allow attackers to affect many cars at once.�

That�s the part which makes this article fall apart.� �Depending on the power of the transmitter...�� Sure.� If I have a transmitter with enough power, I could blanket any area.� But to get the mobile receiver tolisten to my transmitter, and ignore the DAB mux transmitters, would take a lot of power (I�m going to throw this out: a 10 dB difference).�

Do we really think there are hackers out there that are going to rent tower space, install an antenna, and buy a high-power transmitter with more output power than licensed and regulated transmitters in the same physical area? Without anyone else knowing about it ahead of time?�

�As this is a broadcast medium, if you had a vulnerability within acertain infotainment system in a certain manufacturer's vehicle, by sending one stream of data, you could attack many cars simultaneously,� he said.� Clearly it�s plausible, but in reality, no one will pull it off, because no one will find it worthwhile to expend the resources. There would also be no feedback from vehicles, so any potential hacker won�t know if his/her scheme worked until they read about it in the paper the next day.��

Sorry, chicken littles�you can go back outside now.��