Dan's Biz Bookshelf: 'Getting Naked: A Business Fable'
The Chemical Connection: Common Misconceptions in Wet Processing
It’s Only Common Sense: Selling to Engineers
Researchers Find Vulnerabilities in Cars Connected to Smartphones
September 2, 2016 | NYU TandonEstimated reading time: 1 minute
Many of today's automobiles leave the factory with secret passengers: prototype software features that are disabled but that can be unlocked by clever drivers.
In what is believed to be the first comprehensive security analysis of its kind, Damon McCoy, an assistant professor of computer science and engineering at the NYU Tandon School of Engineering, and a group of students at George Mason University found vulnerabilities in MirrorLink, a system of rules that allow vehicles to communicate with smartphones.
MirrorLink, created by the Connected Car Consortium, which represents 80% of the world's automakers, is the first and leading industry standard for connecting smartphones to in-vehicle infotainment (IVI) systems. However, some automakers disable it because they chose a different smartphone-to-IVI standard, or because the version of MirrorLink in their vehicles is a prototype that can be activated later.
McCoy and his colleagues found that MirrorLink is relatively easy to enable, and when unlocked can allow hackers to use a linked smartphone as a stepping stone to control safety-critical components such as the vehicle's anti-lock braking system. McCoy explained that "tuners" - people or companies who customize automobiles - might unwittingly enable hackers by unlocking insecure features.
"Tuners will root around for these kinds of prototypes, and if these systems are easy to unlock they will do it," he said. "And there are publically available instructions describing how to unlock MirrorLink. Just one of several instructional videos on YouTube has gotten over 60,000 views." The researchers used such publically available instructions to unlock MirrorLink on the in-vehicle infotainment system in a 2015 vehicle they purchased from eBay for their experiments.
The automaker and supplier declined to release a security patch - reflecting the fact that they never enabled MirrorLink. McCoy pointed out that this could leave drivers who enable MirrorLink out on a limb.
The authors hope their research, presented at the 10th USENIX Workshop on Offensive Technologies (WOOT '16) in Austin, Texas, will raise the issue of drivers unlocking potentially insecure features before IVI protocols such as MirrorLink are even more widely deployed.
Share on:
Suggested Items
MICROOLED Announces Partnership with Vortex Optics and Brand New US Headquarters
05/02/2025 | BUSINESS WIREMICROOLED Inc., the leading global supplier of AMOLED displays, is proud to announce their partnership with Vortex Optics to advance the development of high-performance weapon sights for optical sighting systems.
LG Innotek to Build FC-BGA into 700 Million USD Business with State-of-the-art Dream Factory
05/01/2025 | PR NewswireLG unveiled the Dream Factory, a hub for the production of FC-BGAs (Flip Chip Ball Grid Arrays), the company's next-generation growth engine, to the media for the first time and announced it on the 30th April.
SEMI 3D & Systems Summit to Spotlight Trends in Hybrid Bonding, Chiplet Architecture and Geopolitical Dynamics
05/01/2025 | SEMILeading experts in 3D integration and systems for semiconductor manufacturing applications will gather at the annual SEMI 3D & Systems Summit, June 25-27, 2025, in Dresden.
The EEcosystem and Dr. Eric Bogatin Launch Free Masterclass for Electronics Engineers
05/01/2025 | The EEcosystemThe EEcosystem, a podcast media and education brand serving professional electronics engineers, is proud to announce the launch of a new online learning platform: The EEcosystem Electronics Masterclass. The platform debuts with Transmission Lines 101, a free course created in partnership with world-renowned signal integrity expert Dr. Eric Bogatin. The course will be available starting May 1, 2025.
Kasuo Electronics Launches Advanced Testing Laboratory to Strengthen Global Supply Chain Quality Assurance
04/29/2025 | BUSINESS WIREKasuo Electronics Co., Ltd, a globally recognized trader of electronic components, has officially operationalized its state-of-the-art testing laboratory.