0wn a car via toxic mp3!

"Did this remix just say, 'sudo disable the brakes'?"

But their most interesting attack focused on the car stereo. By adding extra code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car's stereo, this song could alter the firmware of the car's stereo system, giving attackers an entry point to change other components on the car.
Tags: , , , ,

4 Responses:

  1. Ye Gods, don't tell Sony about this! Can you imagine the malware they would write knowing they could control cars?

    "Buy Adam Lambert's next album or we cut the brakes."


    • Louis says:

      Hmm, why do that, just get the on-board iTunes to buy the tracks without the user's approval.

      What, don't cars come in with iTunes yet?

      • Pavel says:

        Not until Apple releases the iCar. It won't have a steering wheel, and will just have a single pedal, etc., etc.

        The rest of this Apple joke has been left as an exercise for the reader.

  2. Lloyd says:

    When Stefan Savage was working on attacks showing that TCP counting individual acks, rather than bytes, was easily exploited (leading to RFC3465), I christened them 'savage attacks'. He was surprised by the term.

    Now, it's a Stefan Savage Hole, so you SSH the car.

    (btw, watching the flickery javascript preview update every time I type a letter is very annoying; generic user id picture appears and disappears, and probably needs width/height tags to decrease reflowing.)