Researchers Find Vulnerabilities in Cars Connected to Smartphones
September 2, 2016 | NYU TandonEstimated reading time: 1 minute
Many of today's automobiles leave the factory with secret passengers: prototype software features that are disabled but that can be unlocked by clever drivers.
In what is believed to be the first comprehensive security analysis of its kind, Damon McCoy, an assistant professor of computer science and engineering at the NYU Tandon School of Engineering, and a group of students at George Mason University found vulnerabilities in MirrorLink, a system of rules that allow vehicles to communicate with smartphones.
MirrorLink, created by the Connected Car Consortium, which represents 80% of the world's automakers, is the first and leading industry standard for connecting smartphones to in-vehicle infotainment (IVI) systems. However, some automakers disable it because they chose a different smartphone-to-IVI standard, or because the version of MirrorLink in their vehicles is a prototype that can be activated later.
McCoy and his colleagues found that MirrorLink is relatively easy to enable, and when unlocked can allow hackers to use a linked smartphone as a stepping stone to control safety-critical components such as the vehicle's anti-lock braking system. McCoy explained that "tuners" - people or companies who customize automobiles - might unwittingly enable hackers by unlocking insecure features.
"Tuners will root around for these kinds of prototypes, and if these systems are easy to unlock they will do it," he said. "And there are publically available instructions describing how to unlock MirrorLink. Just one of several instructional videos on YouTube has gotten over 60,000 views." The researchers used such publically available instructions to unlock MirrorLink on the in-vehicle infotainment system in a 2015 vehicle they purchased from eBay for their experiments.
The automaker and supplier declined to release a security patch - reflecting the fact that they never enabled MirrorLink. McCoy pointed out that this could leave drivers who enable MirrorLink out on a limb.
The authors hope their research, presented at the 10th USENIX Workshop on Offensive Technologies (WOOT '16) in Austin, Texas, will raise the issue of drivers unlocking potentially insecure features before IVI protocols such as MirrorLink are even more widely deployed.
Suggested Items
Textron Systems Collaborates with Kodiak to Develop Uncrewed Military Vehicle
05/20/2024 | PRNewswireTextron Systems Corporation, a Textron Inc. company, a leading developer of crewed and uncrewed military ground vehicles, and Kodiak Robotics, Inc., a leading self-driving technology developer for the trucking and defense markets, announced that they are collaborating to develop an autonomous military ground vehicle specifically designed for driverless operations.
RTX's Collins Aerospace Offers Solution for Passengers with Reduced Mobility
05/20/2024 | PRNewswireCollins Aerospace, an RTX business will unveil its cabin solution for onboard wheelchair accommodation next week at the annual Aircraft Interiors Expo in Hamburg, Germany.
U.S. Army Awards Lockheed Martin $756 Million Hypersonic Weapon System Contract
05/20/2024 | Lockheed MartinThe U.S. Army awarded Lockheed Martin a $756 million contract to deliver additional capability for the nation’s ground-based hypersonic weapon system, the Long Range Hypersonic Weapon (LRHW).
Altair Earns ISO/IEC27001:2022 Certification for Global Operations
05/20/2024 | AltairAltair, a global leader in computational intelligence, has earned the ISO/IEC27001:2022 – an information security management system (ISMS) certification – externally audited against the frameworks set by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC).
PCB Market Size to Grow by $29.06B from 2024-2028
05/17/2024 | PRNewswireThe global printed circuit board (PCB) market size is estimated to grow by USD 29.06 bn from 2024-2028, according to Technavio. The market is estimated to grow at a CAGR of over 6.6% during the forecast period.