Hackers can force airbags to deploy

Common Vulnerabilities and Exposures number 2017-14937: in unspecified post-2014 passenger car models, the explosive charge that deploys the airbag is controlled by an instruction that is secured by one of only 256 keypairs, and there is no rate-limit on authentication attempts over the CAN bus. It gets better! "In addition, at least one manufacturer's interpretation of the ISO 26021 standard is that it must be possible to calculate the key directly (i.e., the other 255 key pairs must not be used)."


CVE-2017-14937 [Mitre]


(via Dan Hon)

Loading...