Dan’s Biz Bookshelf: Four Important Books You Need to Read (Not Just Say You Have)
The Marketing Minute: Cracking the Code of Technical Marketing
Researchers Find Vulnerabilities in Cars Connected to Smartphones
September 2, 2016 | NYU TandonEstimated reading time: 1 minute
Many of today's automobiles leave the factory with secret passengers: prototype software features that are disabled but that can be unlocked by clever drivers.
In what is believed to be the first comprehensive security analysis of its kind, Damon McCoy, an assistant professor of computer science and engineering at the NYU Tandon School of Engineering, and a group of students at George Mason University found vulnerabilities in MirrorLink, a system of rules that allow vehicles to communicate with smartphones.
MirrorLink, created by the Connected Car Consortium, which represents 80% of the world's automakers, is the first and leading industry standard for connecting smartphones to in-vehicle infotainment (IVI) systems. However, some automakers disable it because they chose a different smartphone-to-IVI standard, or because the version of MirrorLink in their vehicles is a prototype that can be activated later.
McCoy and his colleagues found that MirrorLink is relatively easy to enable, and when unlocked can allow hackers to use a linked smartphone as a stepping stone to control safety-critical components such as the vehicle's anti-lock braking system. McCoy explained that "tuners" - people or companies who customize automobiles - might unwittingly enable hackers by unlocking insecure features.
"Tuners will root around for these kinds of prototypes, and if these systems are easy to unlock they will do it," he said. "And there are publically available instructions describing how to unlock MirrorLink. Just one of several instructional videos on YouTube has gotten over 60,000 views." The researchers used such publically available instructions to unlock MirrorLink on the in-vehicle infotainment system in a 2015 vehicle they purchased from eBay for their experiments.
The automaker and supplier declined to release a security patch - reflecting the fact that they never enabled MirrorLink. McCoy pointed out that this could leave drivers who enable MirrorLink out on a limb.
The authors hope their research, presented at the 10th USENIX Workshop on Offensive Technologies (WOOT '16) in Austin, Texas, will raise the issue of drivers unlocking potentially insecure features before IVI protocols such as MirrorLink are even more widely deployed.
Share on:
Testimonial
"The I-Connect007 team is outstanding—kind, responsive, and a true marketing partner. Their design team created fresh, eye-catching ads, and their editorial support polished our content to let our brand shine. Thank you all! "
Sweeney Ng - CEE PCBSuggested Items
India’s Aerospace and Defence Engineered for Power, Driven by Electronics
09/16/2025 | Gaurab Majumdar, Global Electronics AssociationWith a defence budget of $82.05 billion (2025–26) and a massive $223 billion earmarked for aerospace and defence spending over the next decade, India is rapidly positioning itself as a major player in the global defence and aerospace market.
I-Connect007 Launches Advanced Electronics Packaging Digest
09/15/2025 | I-Connect007I-Connect007 is pleased to announce the launch of Advanced Electronics Packaging Digest (AEPD), a new monthly digital newsletter dedicated to one of the most critical and rapidly evolving areas of electronics manufacturing: advanced packaging at the interconnect level.
VIDEOTON EAS's Bulgarian Subsidiary Expands Into Automotive Products
09/15/2025 | VideotonVEAS Bulgaria, engaged in electronics manufacturing, has joined the ranks of VIDEOTON companies authorized to produce automotive products.
Variosystems Strengthens North American Presence with Southlake Relaunch 2025
09/15/2025 | VariosystemsVariosystems celebrated the relaunch of its U.S. facility in Southlake, Texas. After months of redesign and reorganization, the opening marked more than just the return to a modernized production site—it was a moment to reconnect with our teams, partners, and the local community.
Hanwha Aerospace to Collaborate with BAE Systems on Advanced Anti-jamming GPS for Guided Missiles
09/15/2025 | HanwhaHanwha Aerospace has signed a contract with BAE Systems to integrate next-generation, anti-jamming Global Positioning System (GPS) technology into Hanwha Aerospace’s Deep Strike Capability precision-guided weapon system.