Published on April 14th, 2016 📆 | 3590 Views ⚑0
This Chinese hacker claims he can hack your car, even without an internet connection
If you drive an internet-connected smart car, you’re probably aware of the danger of your system being compromised by hackers. But if you’ve got a dumb car like me, you probably think you’re safe, right? Apparently not.
At least not according to Chinese hacker Daishen (it means “stupid god” and it’s not his real name). He told Chinese tech news site Leiphone that he can hack not-so-smart cars including the Volkswagen Toureg, Audi A6, Audi A7, and likely quite a few more.
Tech in Asia has contacted Volkswagen and Audi for comment on this story, and will update if we hear back.
Specifically, Daishen says he and hackers like him could get access to systems like your car’s GPS or stereo system via holes in the car’s security layers. In one model, for example, the vehicle’s system runs an authentication check to prevent unauthorized system access, but stores the result of that check in plaintext rather than encrypting it, allowing a hacker to change the result from false to true and gain system access. Many cars also have poorly-guarded admin passwords meant for use by engineers and mechanics that can give hackers a way into your car’s system.
To be clear, there is a catch to this kind of attack: it can’t be done remotely. At least once, a hacker would need physical access to your car to get inside. But everyone from mechanics to valets may have access to your car when you’re not there to supervise, and of course, a hacker could also just break in. And once they’ve gotten access, further communication with the system could be realized in any number of ways – like a Bluetooth connection for example.
This kind of hack also doesn’t give the hacker total control of the car – they couldn’t for example, disable your brakes. But they could track your every move in real time via the car’s GPS navigation and use that data to rob or blackmail you, or make the stereo system play loud, shocking noises at random intervals and hope one scares you into an accident.
It’s an especially scary proposition for Chinese government officials, many of whom could be targets of spying or extortion, and many of whom also favor Audi vehicles.
The good news here is that Daishen is a white-hat hacker – he says he’s already turned information on the security holes over to vehicle manufacturers. But given that most people don’t get their not-so-smart cars software-patched often (or ever), that may not make much of a difference in terms of the vulnerability of vehicles that are on the road today.