The good news is that this particular bug has been addressed, but that does not make the vulnerability any less terrifying. A mere 18 seconds of playtime from a compromised audio CD in your car is enough to insert the attack code and gain complete control over your car's computer-controlled systems. This particular vulnerability was discovered in 2010, long before the more recent vulnerabilities you would have seen all over various media. An attacker could shut off the engine, forcibly unlock the doors, and interfere with steering and many other functions, any of which could well cause serious damage at highway speeds or in other scenarios.
When placing the blame, The Inquirer makes sure to point out that you should not look to the car companies, as it is the software providers who are the source of the problem. Thanks to various corporate policies, no car company has access to all of the source code running in its products, so a security audit will not help. Even better is the inclusion of a government-mandated OBD-II port which allows complete control over your car's systems, and which you should not touch, as simply plugging into it would be a crime in the USA. There is some good news: this vulnerability resulted in Fiat Chrysler recalling 1.4 million cars at a cost of about a quarter of a billion dollars, an expensive mistake that may convince them to change their software implementation processes.
"The modern car's operating system is such a mess that researchers were once able to get complete control of a vehicle by playing a song laced with malicious code. Malware encoded in the track was executed after the file was loaded from a CD and processed by a buggy parser."