A trio of researchers disabled the airbags in an Audi TT using a zero-day exploit in third party software that is commonly used by mechanics.
Researchers András Szijj, Levente Buttyán of CrySyS Lab and Zsolt Szalay of Budapest University of Technology and Economics said the attack requires a mechanic's computer to be compromised or for a malicious USB drive to be plugged into the vehicle for the exploit to work, according to the Register.
The attack takes control of the diagnostic system allowing items to be switched on or off without being noticed by the driver.
Buttyán told the Register that the exploit is not connected to Volkswagen (VW), Audi's parent company, but said the vulnerable software is compatible with cars sold by VW. Other researchers have also found the software used in repair shops and dealerships vulnerable.