Security Affairs
Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach|Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach|Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

How to hack airbag in Audi TT on other models

Researchers demonstrated how disable the airbags on a Audi TT (and others models) and other functions by exploiting a zero-day flaw in third-party software. Lately, many researchers proved that car manufacturers haven’t addressed security vulnerabilities in modern vehicles properly and use of lots of embedded controllers and providing different external interfaces made it possible to […]

How to hack airbag in Audi TT on other models

Researchers demonstrated how disable the airbags on a Audi TT (and others models) and other functions by exploiting a zero-day flaw in third-party software.

Lately, many researchers proved that car manufacturers haven’t addressed security vulnerabilities in modern vehicles properly and use of lots of embedded controllers and providing different external interfaces made it possible to hack and take control of automobile’s core systems.

Once again, a group of three researchers, András Szijj, and Levente Buttyán of CrySyS Lab and Zsolt Szalay of Budapest University of Technology and Economics cooperatively managed to disable airbags in an Audi TT.

The Researchers said that in comparison to the remote hacking of Jeep car, this attack is less severe and less capable threat. They use a zero-day vulnerability in commonly-used diagnostic software that is compatible with cars sold by the Volkswagen. Buttyán emphasized that this flaw “has nothing to do with VW itself” and relates to third-party software only.

Taking control of the vulnerable software means that the attacker is able to switch on or off all the functionalities that the software has been designed to control and check. This flaw enables attackers to falsify the information generated by the car.

Audi TT was the platform to demonstrate this attack and these experiments were carried out during spring 2015. To make the exploit work, mechanic’s computer must be compromised firstly or a malicious USB device to be plugged into the vehicle. The proof-of-concept implementation allows for Man-in-the-Middle attacks between the application and the car (in this case an Audi TT).

hacking airbags audi TT 2 hacking airbags audi TT

This demonstration shows that a Stuxnet-style attack is easy to implement in practice against cars by minimal modification of a diagnostic application. Furthermore, the situation could get worse and more dangerous if hackers could inject a backdoor by updating a car’s embedded control unit firmware via the OBD2 port. This backdoor could be triggered while the car is in motion.

Stephen Checkoway published a research paper in 2011, titled “Comprehensive Experimental Analyses of Automotive Attack Surfaces,” and described the possible ways to infect a car through diagnostic equipment. The researchers said that their work is a proof-of-concept for the aforementioned paper. The detailed explanation of the POC is summarized in the following presentation here.

About the Author

Ali Taherian (@ali_taherian) is an enthusiastic information security Officer. He’s finished his education in information security and has recently been involved in banking software and payment security industry. Taherian is proud to be certified IBM Cloud Computing Solution Advisor and ECSA and enjoys sharing and tweeting about security advances and news.

Edited by Pierluigi Paganini

(Security Affairs –  Airbag, Audi TT)