back to article Hackers pop grease monkeys' laptops to disable Audi airbags

Hackers can quietly disable airbags in cars sold by Volkswagen using a zero day vulnerability in software popular with car mechanics. The attacks demonstrated on an Audi TT require a mechanic's computer to be first compromised or for a malicious USB device to be plugged in for the exploit to work. Research trio András Szijj, …

  1. tfewster Silver badge
    Trollface

    Look on the bright side...

    ... Audi drivers might drive more carefully if they thought their airbags had been disabled

    1. Anonymous Coward
      Anonymous Coward

      Re: Look on the bright side...

      I already do! I think people who have never had them deployed think it's more like a big soft cushion in a pillowfight rather than a hefty whack in the face from a boxer. Perhaps sitting through an airbag deployment should be part of the driving test!

      1. 9Rune5 Silver badge

        Re: Look on the bright side...

        "hefty whack"?

        No.

        I took down a telephone pole, the airbag deployed and there was no pain felt. I doubt I wouldn't feel any pain if I took a whack in the face from a boxer (nor am I tempted to try). Oddly enough I later found I had a bruised shoulder (presumably from the panel covering the side airbag), but the experience itself was not painful.

        I am usually seated as per the official guidelines (i.e. an arm's length away from the exploding pillow of pain). The seat belt tensioner held me firmly in my seat. If you drive with bent arms while lightly chewing the top of your steering wheel, then yeah, the airbag is going to hurt. A lot.

        (although... Accidents involving Saabs rarely affect the drivers... They're constructed in a way that allows the doors to be opened normally even after rather harsh impacts and their A-pillars are among the strongest there is. The only thing that makes me afraid of crashing my Saab again is that they stopped making them)

        1. Vic

          Re: Look on the bright side...

          They're constructed in a way that allows the doors to be opened normally even after rather harsh impacts

          That's not the sort of thing I'd trust...

          Many years ago, I was involved in a crash whilst driving an Austin Ambassador[1]. Although I was hit from behind, the shell moved enough that I had to lie across the front seats and kick with both feet to get the door open.

          When I was learning to fly, part of the forced-landing procedure we were taught is to open the door on the way down. That way, you stand some chance of getting out...

          Vic.

          [1] What can I say. I was skint, and I needed something I could sleep in if necessary.

    2. Anonymous Coward
      Anonymous Coward

      Re: Look on the bright side...

      "... Audi drivers might drive more carefully if they thought their airbags had been disabled"

      Nah - they will just rely on the Bulgarian Airbags in the passenger seat...

    3. Smooth Newt Silver badge
      Joke

      Re: Look on the bright side...

      Hackers can quietly disable Audi airbags

      Except in Bulgaria.

  2. Voland's right hand Silver badge

    Seriously?

    If you have access to the device which talks to the OBD2 you can do nearly anything. I would hardly call this an attack. It is like physical access - once you are plugged in, it is game over.

    This attack would have been really interesting if it was successfully exploiting Android Torque or one of the fleet tracking apps. The "Phantom Menace" in the form of a white van with remotely controller breaks...

    As far as the state of mechanics laptops, they are nearly all guaranteed to have updates disabled and are quite likely to be Windows XP so they can run obscure software from 10 years ago which has had no updates or Win 7, 8 or 10 version because the company has gone out of business or just because it does not give a damn. So there is little kudos for exploiting them. It is trivial.

    1. sabroni Silver badge

      Re: So there is little kudos for exploiting them.

      Bummer. If I'm killed by car hacking it better be a cool exploit!!

    2. TeeCee Gold badge

      Re: Seriously?

      Depends whether they need the security code that's supposed to be de rigeur for any write or update operations to plant their bit of code......(!)

      If they do, it's: "You have physical access and the security code, that's the way it's supposed to work!".

      Useful trick though. "Airbag"[1] systems are so fucking complicated these days that they are, in effect, unfixable if they go wrong (i.e. the length of diagnosis and the parts swapped to track the actual fault source down are going to cost more than the car's worth once out of warranty).

      Since some utter twat made having the airbag lamp do it's "on and then off" bit at startup a mandatory MOT item a few years back, it could be incredibly helpful to have a way of convincing the ECU that the airbag system's working, even though the left-hand second redundant side-impact sensor connection is dicky or the third bouncy-castle bit on the right-hand side is two months over its planned obsolescence date.

      [1] In quotes as that's a laughable oversimplification of the modern horror story.

      1. BobRocket

        Re: Seriously?

        Microcontroller board (<$10) hanging behind the dashboard and a couple of LEDs from an old PC.

        Wire the power to the ignition and replace the dash bulbs for airbags/ALB with the LEDS (pack them with tape to make them fit).

        When the ignition is turned on the Uc boots, lights the LEDs for a few seconds and then goes into sleep mode.

        Make sure the timings for the lights are different to reflect the POST of airbag/ALB.

        (obviously I'm not suggesting that anybody should do this or that I might have witnessed it in the past, it is probably highly illegal)

        1. Anonymous Coward
          Anonymous Coward

          Re: Seriously?

          When the ignition is turned on the Uc boots, lights the LEDs for a few seconds and then goes into sleep mode.

          Good heavens, you need a whole micro controller to do that? If you're behind the dash already you might as well use the original lights (as you would not go there unless you had the loom layout handy), and it takes an elco, a resistor and a transistor to give that initial OK flash. You can add some components to get a sharper cutoff, but using a microcontroller for that is like using a whole Raspberry Pi to time your toast without even monitoring any variables.

        2. Anonymous Coward
          Anonymous Coward

          Re: Seriously?

          "Microcontroller board (<$10) hanging behind the dashboard and a couple of LEDs from an old PC."

          When did people start thinking it was easier to use an Arduino than a 555?

          1. Vic

            Re: Seriously?

            When did people start thinking it was easier to use an Arduino than a 555?

            It's probably cheaper!

            Some while back, I bought the missus a little bike. It didn't have a tacho, so I was going to build an LED one with a simple bargraph driver.

            It tiurned out it was loads cheaper to buy a PIC with a load of open-collector outputs than buy the bargraph driver chip. So it became a computer project, not a simple analogue electronics one...

            Vic.

      2. Vic

        Re: Seriously?

        Since some utter twat made having the airbag lamp do it's "on and then off" bit at startup a mandatory MOT item a few years back

        I'm expecting to start finding timer circuits[1] in cars in the near future, so that the bulb lights in the expected fashion, even though the system in question is long dead...

        Vic,

        [1] I was going to write "555 timers", but 555s are actually quite expensive to buy in this country these days - you either inport them from China, or build something Arduino-based, because microprocessors are now cheaper than discrete chips...

    3. tmTM

      As far as the state of mechanics laptops

      Chances are they spend their entire life in the garage and are not connected to the internet anyway.

      Especially if the software used isn't updated anymore.

      1. Brewster's Angle Grinder Silver badge

        Re: As far as the state of mechanics laptops

        "No, mate, we never connect it to the internet. Except to look at porn."

        Seriously, if it can be connected to the internet, it will be.

      2. Anonymous Coward
        Anonymous Coward

        Re: As far as the state of mechanics laptops

        Chances are they spend their entire life in the garage and are not connected to the internet anyway.

        Especially if the software used isn't updated anymore.

        Not so - the need for connectivity is even a source of issues in itself. If you want to add a physical key to the locking system, the laptop has to be hooked up to the car's network as well as communicate with an Audi server to receive the authorisation for adding a particular key ident to the locking mechanism associated with a specific VIN. The problem is that that server appears to have limited bandwidth (possibly deliberate) so it sometimes bottlenecks and the mechanic has to restart the update process.

        I think the mechanic's laptop is indeed a viable attack vector if it is used for anything else but vehicle engineering.

      3. John Geek
        Coat

        Re: As far as the state of mechanics laptops

        I know the recent Volvo stuff requires LAN access to a local server which contains the parts and service databases. Very few shops are going to have a private LAN for this, far more likely its the house wifi, which is entirely online.

        The Mercedes stuff is entirely online, the parts database is held at the mothership, and the 'EPC' software (electronics parts catalog) accesses it as needed, ditto the STAR diagnostic systems are partially client-server online. Nice thing about the Mercedes system, it tracks cars by VIN, and if you update a component, STAR registers that with the mothership, and anyone on STAR can pull up the service history. Other makers have similar systems but they tend to be dealer-only, and/or only for recent cars, while STAR can be subscribed by an indie shop (although, I'm sure plenty don't), and STAR has nearly every car Mercedes has made since the 1970s..

        1. Fraggle850

          @ John Geek Re: As far as the state of mechanics laptops

          >nearly every car Mercedes has made since the 1970s..

          Mmm... old Mercs... sigh...

          1. BillG
            Thumb Up

            Re: @ John Geek As far as the state of mechanics laptops

            Mmm... old Mercs... sigh...

            +1, man. Remember the 450SEL? As heavy as an Apollo rocket and just as fast. I got my Dad's up to 145mph (233kph) and it was still accelerating.

        2. Vic

          Re: As far as the state of mechanics laptops

          it tracks cars by VIN, and if you update a component, STAR registers that with the mothership, and anyone on STAR can pull up the service history.

          That's not always such a great thing...

          My missus has a 2005 Beetle. A few years ago, it had a major problem - it would just stop. It went back to the stealer on numerous occasions, as I've written about elsewhere.

          She was thinking about getting a new car at the time - but every VW and Audi garage had the history of this car, and they all saw it as a problem vehicle, meaning they all offered SFA in terms of trade-in against a new car. And that was down to the incompetence of the grease monkeys working on it - the car is now perfect[1].

          Vic.

          [1] I fixed it. It required no new parts - the issue was entirely down to poor interconnect, because VW skimped on the strain relief.

    4. BillG
      Meh

      Re: Seriously?

      As far as the state of mechanics laptops, they are nearly all guaranteed to have updates disabled and are quite likely to be Windows XP so they can run obscure software from 10 years ago which has had no updates or Win 7, 8 or 10 version because the company has gone out of business or just because it does not give a damn. So there is little kudos for exploiting them. It is trivial.

      This is true. I have a Windows XP laptop that contains software and documentation for older cars. It won't run properly on Windows 7, even in compatibility mode.

  3. Fraggle850

    Interesting times ahead for the IoT

    As alluded to at the end of the article, we may well find that planting malware on all PC-controlled devices is feasible. Given that we are allegedly heading for a large scale IoT uptake in the near future the potential for this sort of attack is mind boggling. Today's earlier article highlighting the compromising of shopping mall ip security cameras to become part of a DDOSing botnet gives some indication of the potential for anarchy.

    This will be an emerging problem unless/until strong security standard's are devised (and implemented! - for f**k's sake DON'T leave the responsibility for doing this with end users).

    I don't think I'll be buying any connected devices (including/especially cars), as far as I'm able to avoid it, for the foreseeable future.

  4. auburnman

    Why is it even possible to switch the airbag off? I realise that at some point engineers may need to put it into testing/test cheating mode, but surely this should be some sort of time limited disable that resets after half an hour or a power cycle of the engine? For reasons of liability at least even if VW don't care that people could be driving with no airbags.

    1. James 51

      The passenger side airbag can be deactivated by turning a switch on most cars so children in rear facing seats can be put in that seat. I'll leave the gruesome details of what could happen if the airbag is deployed till after breakfast.

    2. Fonant

      For various reasons. My mother-in-law also has relatively short legs, so she drives with her seat right forward, putting her very close to the steering wheel and its airbag explosives. In this situation having the airbag go off is potentially quite nasty, leading to facial burns and abrasion.

      AIUI, airbags were invented because Americans didn't like wearing seatbelts, and the automatic seatbelts (very unnerving mechanisms that put the seatbelt on you with motors when you sat in the car) weren't popular either. A well-adjusted seatbelt should provide all the protection you need, with little additional protection provided by an airbag.

      1. Phil O'Sophical Silver badge

        In this situation having the airbag go off is potentially quite nasty, leading to facial burns and abrasion.

        As compared to the quite pleasant sensation of the steering wheel smashing your nose into your brain, you mean?

        airbags were invented because Americans didn't like wearing seatbelts

        Having an airbag fire in a frontal collsion when the driver/passenger is not wearing a seatbelt is even more lethal than having no protection. The inflating airbag acts like a fulcrum, so that instead of smacking into the bag (or the dashboard) the passenger rides up and over over the bag and out through the windscreen, into the rest of the accident.

        It wouldn't surprise me if airbags were disabled if no belt is worn, just as front passenger airbags are disabled if there's no passenger in the seat. This attack could use those mechanisms.

  5. Slx

    The passenger air bag is usually able to be switched off using a button or software to allow the placement of a baby seat.

    I think they're really going to have to harden these systems and isolate them entirely.

    Too many safety critical systems are being left too open and I'm at a loss to see what the advantage is!

  6. allthecoolshortnamesweretaken

    So, not really news per se, but yet another item to add to the ever growing list of things to fix...

    I would like to use this to point towards one of my pet peeves (or theories): Total Cost of Ownership. Your new shiney-shiney will cost you more than just the price at purchase. There are always running and servicing/maintainance costs. With a car that may well include (proportionally) keeping your mechanic's IT gear up to date.

  7. Anonymous Coward
    Anonymous Coward

    I get the feeling there's going to come a point where Governments say no more pen testing then we will all be up shit creek. I for one applaud this testing as long as the companies act on what they are given and start investing in security rather than the current it's an afterthought behaviour.

  8. Jason Bloomberg Silver badge

    "The team's attack works by replacing the FTDI DLL"

    That DLL (a driver for the USB hardware interface used) is on the engineer's computer, presumably translating "airbag disabled" into "airbag enabled" messages as it receives them and passes them on.

    Only that and other tampered with PCs will do that. The car is still reporting the airbags are disabled and PCs not tampered with will show that.

    They haven't 'hacked the car'; only modified the PC to silently disable the airbag and have it reporting the wrong status.

  9. This post has been deleted by its author

    1. Anonymous Coward
      Anonymous Coward

      "Isn't anyone interested..."

      Well, you could try reprogramming the ECU to put it into a mode where the car's shoddy emissions are improved to the point where they pass the government-mandated tests. I hear a couple of junior IT guys in Germany did it a few years ago with one of their makes.

      More seriously, reprogramming the ECU to improve performance could count as "improving a feature". Or going the other way to improve fuel consumption.

    2. 404

      We do it all the time to Canyon/Colorado mid-size trucks using hptuner software to access via the OBDII port, the different control modules for tuning. Improve fuel/air ratios, turn off certain items, tune for mileage or performance, etc. My GMC Canyon only averaged 20mpg when new, I average 24.7mpg with a 27.9mpg high after modding this and that, then tuning the electronics - just turned 180k miles on her last week. Still strong.

      Pretty sure all makes and models can be tuned.

  10. Anonymous Coward
    Anonymous Coward

    when wonder woman.....

    http://i.imgur.com/QADslIZ.jpg

  11. Graham Marsden
    Pirate

    Yes, but...

    ... when is someone going to come up with an exploit that makes the indicators on BMWs work?

    1. Anonymous Coward
      Anonymous Coward

      Re: Yes, but...

      "... when is someone going to come up with an exploit that makes the indicators on BMWs work?"

      When you can replace the DLLs on the wetware, that's when.

  12. nedge2k

    No limited to VAG but not too much to worry about...

    I doubt very much this is limited to VAG cars - FTDI chips are quite prevalent in most diagnostic cables. Also, the chances of an indie garage laptop (dealers have proprietary kit) being patched and up to date are incredibly minimal - most are still on XP, hell i've seen some still running '95.

    That aside, most garages forgo PC software and use a dedicated Snap-On tool that covers most makes/models and won't interact with a PC. It's only small specialists and home mechanics that will used software like VCDS (formerly VAGCOM) - which is what I assume they're talking about here - as it's significantly cheaper than the dedicated aftermarket/OEM equivalent.

    In short, if you take you car to a dealer for stuff - nowt to worry about, non-event. If you take it to an indie specialist to have the central locking recoded to allow something like remote window opening, you're taking a risk.

    1. hopkinse

      Re: No limited to VAG but not too much to worry about...

      And who in their right mind takes a car to the dealer, once the warranty is up?

      That bit of software VAGCOM/VCDS is very useful for diagnosing problems like airbag faults, without having to pay a garage a fortune to track down the fault - most of the time it's a simple fix like a dodgy connector under the seat or something like that. Your airbag warning light comes on but your car has 4 airbags as well as explosive seatbelt tensioners and the like. Do you trace the wiring for all of them or do you let the software tell you which one the car is complaining about - no contest! Obviously brainless idiots who just go hacking about with systems like that deserve whatever pain they reap, but, with a bit of common sense and research, and basic safety, like disconnecting the battery, etc , etc, there's no reason why you shouldn't use it.

  13. Anonymous Coward
    Anonymous Coward

    Uranium emissions

    I was skim reading the article and had half scrolled down the page and went from VWs and Audis to uranium centrifuges. I'd heard of their sneaky 'defeat device', but, well, wow...

    :-)

  14. Nolveys
    Trollface

    Hackers pop grease monkeys' laptops to disable Audi airbags

    When will they be able to disable the Audi douche bags?

    1. sabroni Silver badge
      Happy

      Re: Hackers pop grease monkeys' laptops to disable Audi airbags

      Tests on audi cars find they contain tossers

  15. Anonymous Coward
    Anonymous Coward

    attention vehicle occupants

    you have exactly 30 seconds to transfer the balance of the account No... to the specified account. Please note there's a particularly bendy road stretch ahead. Shame if the airbags were to enter a non-deployable mode, eh?

  16. Anonymous Coward
    Anonymous Coward

    No news here

    For several years now it has been known that car systems can be hacked be it door locks or airbags. The problem is auto manufacturers don't take computer security seriously. Then when the vehicles are hacked by criminals, there is a knee jerk reaction that doesn't fix much. Until all who use computers start out with a proper secure platform before building their operating system, these systems will continue to be hacked and the public will suffer accordingly. The AV community is in a big rush to get autonomous vehicles on the road yet none of them even has a secure O/S nor have they been able to address many operational and safety issues. That has not stopped them from rushing test vehicles on to the roadways resulting in a series of preventable accidents.

  17. Anonymous Coward
    Anonymous Coward

    Useful hack it seems

    I can see it being handy for when your car dash airbag warning light remains lit, due to wires underneath the seats becoming worn or damaged over time. This is an MOT failure in the UK and can be very hard to fix, so I can fully understand why people would want to conceal the warnings from testers.

  18. Mark 85 Silver badge

    Maybe it's time...

    Maybe it's time to remove the airbags and allow Darwin to have free reign again... There's still the question though of innocent drivers/passengers being killed however. For every upside, there's a downside.

    Just musing on a Friday waiting for beer o'clock.

    1. Queasy Rider

      Re: Maybe it's time...

      Unfortunately the Darwinian driver can remove only one of himself from the gene pool, but he can remove countless others, especially if he (or she) survives multiple crashes over time.

      On a side note: Reminds me of the fashion model who crashed while texting and horribly disfigured herself. The clincher for me was her statement later that she should have known better, having previously crashed her car while also texting. Dangerous twat.

      1. Mark 85 Silver badge

        Re: Maybe it's time...

        I noted the possibility of the innocents getting killed. It is a conundrum. And yes, that fashion model should be taken out of the gene pool. To me, it's amazing how some people manage to live as long as they do....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020