How to Brick Your Car by Looking for Hidden Options

A late-model Volkswagen Touareg. Credit: M 93/Creative Commons

(Image credit: A late-model Volkswagen Touareg. Credit: M 93/Creative Commons)

LAS VEGAS — Want your new car to have optional features such as a Wi-Fi hotspot or TV tuner, but don't want to pay extra? You may soon be able to hack the entertainment system to get those options for free, a Swiss researcher showed at the DEF CON 22 hacker conference here yesterday (Aug. 10).

Paul Such of Lausanne-based security firm SCRT explained that modern vehicle entertainment systems can do much more than just play music. They also routinely handle navigation, control interior lighting, door locks, heating and air conditioning, and also manage Bluetooth links to cellphones.

MORE: 12 Things You Didn't Know Could Be Hacked

Some cars also have the options to add cellular-based Wi-Fi hotspots and TV tuners. In some models, those extras are built into every car, Such said; customers who opt for them are actually only paying to have them switched on.

Such suspected that his own car, a Volkswagen Touareg 2, was one such model. After a year of trying different button combinations during his commute to work, he found that holding "PHONE" and "SETUP" together for five seconds would allow a firmware update.

Pressing "PHONE," "SETUP," "TRAFFIC," "NAV" and "CLIMATE" at the same time rebooted the entertainment system. (The same model of entertainment system, RNS 850, is also used on some Audi and Bentley vehicles.)

Both commands accessed hidden menus, which confirmed that Such's Touareg did indeed have extra abilities he hadn't paid for. It also showed that a dozen different developers at the firm that wrote the software for Volkswagen still had administrative accounts on the system.

"I looked them up on LinkedIn," Such said, displaying LinkedIn pages with last names blacked out.

The problem was turning those hidden options on. Such had found how to update the firmware — data could be input via USB, SD card or a CD — but he didn't know enough about the software to initiate a successful firmware update of his own design.

Unfortunately, he still doesn't. After much time spent learning how to write software for the entertainment system's operating system, Such attempted to push through a firmware update — and killed it.

"I bricked the car," he admitted.

The car would still drive properly, Such explained, but the entertainment system was dead. Such couldn't use the radio, climate control or GPS, or remotely control the locks.

Most mechanics Such took the car to couldn't figure out what was going on, or refused to believe there was a hard drive onboard (it's behind the glove box). Three months later, Such finally got the system restored by telling a mechanic the "black box" needed replacing.

"I have a very expensive hobby," he joked. "My wife won't let me approach her car with a laptop."

But he's not done tinkering. Now that he knows his car has the ability to operate a Wi-Fi hotspot and receive TV broadcasts, Such will keep trying to figure out how to turn those features on.

Follow Paul Wagenseil at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.