Skip to main content

Connected car flaw could let hackers disable your airbags

(Image credit: Image Credit: Skitterphoto / Pexels)

Hackers could disable a modern's car airbag and other safety systems, putting the driver and the passengers at grave risk, according to a new warning.

Researchers from security firm Trend Micro have revealed a flaw that could allow the controlling network of a connected car to be overloaded, allowing possible hackers to compromise key systems in the vehicle, including safety aspects.

Trend Micro's report claims that hackers could, with relative ease, overload the controller area network (CAN) standard which the company says is used in "practically every light-duty vehicle currently in circulation today."

The system, which was developed in 1983 and pushed into production in 1989, can be overloaded by sending a huge amount of erroneous messages to push it into a Bus Off state, essentially turning it off. 

This would then allow hackers could turn off individual systems like airbags, or the antilock breaking system - although the report adds that the hacker would need to be one of the passengers in order to make it work.

Scary as it may sound, the hacker would also need a “specially-crafted attack device” in order to make it work. And that device needs to be introduced via local access, meaning the hacker would need to be in the car. Trend Micro says the only way to eliminate the vulnerability is to make large changes to the standard used.

"Car manufacturers can only mitigate the attack we demonstrated by adopting specific network countermeasures, but cannot eliminate it entirely," the post said. "To eliminate the risk entirely, an updated CAN standard should be proposed, adopted, and implemented. This whole process would likely require another generation of vehicles."

Image Credit: Skitterphoto / Pexels

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.