VW Air Bags Vulnerable to Attacks

Tuesday, October 27, 2015 @ 07:10 PM gHale

Air bags in Volkswagen automobiles can end up disabled by attackers employing a Zero Day vulnerability.

The attacks demonstrated on an Audi TT require a mechanic’s computer to end up compromised or for a malicious USB device plugged in for the exploit to work.

Fiat Auto Vulnerability Update
Chrysler Updates 1.4 Million Vehicles
Flaw Uncovered: More Vehicle Woes
Braking a Corvette via Text

Researchers András Szijj, and Levente Buttyán of CrySyS Lab and Zsolt Szalay of Budapest University of Technology and Economics said the attack is a more “plausible,” but less capable, threat than the remote hacking that has seen Jeep engines disabled at high speed, brakes seized, and locks popped.

The attack can allow intruders to conceal the disabling of airbags and other car functions from mechanics by falsifying read outs from the car.

Buttyán said a widely-used third-party software compatible with cars sold by the Volkswagen Group (which includes Audi) is the culprit.

“It works with other cars in the VW group too without any modification,” Buttyán said. “Anything that can be switched on or off from the diagnostic application could have been switched on or off. After switching off the airbag, we can consistently report to the application that it is still switched on.”