Marcy’s Musing: From Pitch to PO—The Sales Stack
It’s Only Common Sense: Knowing When to Walk Away
Dan’s Biz Bookshelf: ‘Elevate: Push Beyond Your Limits'
Researchers Find Vulnerabilities in Cars Connected to Smartphones
September 2, 2016 | NYU TandonEstimated reading time: 1 minute
Many of today's automobiles leave the factory with secret passengers: prototype software features that are disabled but that can be unlocked by clever drivers.
In what is believed to be the first comprehensive security analysis of its kind, Damon McCoy, an assistant professor of computer science and engineering at the NYU Tandon School of Engineering, and a group of students at George Mason University found vulnerabilities in MirrorLink, a system of rules that allow vehicles to communicate with smartphones.
MirrorLink, created by the Connected Car Consortium, which represents 80% of the world's automakers, is the first and leading industry standard for connecting smartphones to in-vehicle infotainment (IVI) systems. However, some automakers disable it because they chose a different smartphone-to-IVI standard, or because the version of MirrorLink in their vehicles is a prototype that can be activated later.
McCoy and his colleagues found that MirrorLink is relatively easy to enable, and when unlocked can allow hackers to use a linked smartphone as a stepping stone to control safety-critical components such as the vehicle's anti-lock braking system. McCoy explained that "tuners" - people or companies who customize automobiles - might unwittingly enable hackers by unlocking insecure features.
"Tuners will root around for these kinds of prototypes, and if these systems are easy to unlock they will do it," he said. "And there are publically available instructions describing how to unlock MirrorLink. Just one of several instructional videos on YouTube has gotten over 60,000 views." The researchers used such publically available instructions to unlock MirrorLink on the in-vehicle infotainment system in a 2015 vehicle they purchased from eBay for their experiments.
The automaker and supplier declined to release a security patch - reflecting the fact that they never enabled MirrorLink. McCoy pointed out that this could leave drivers who enable MirrorLink out on a limb.
The authors hope their research, presented at the 10th USENIX Workshop on Offensive Technologies (WOOT '16) in Austin, Texas, will raise the issue of drivers unlocking potentially insecure features before IVI protocols such as MirrorLink are even more widely deployed.
Share on:
Suggested Items
ESD Alliance Reports Electronic System Design Industry Posts $5.1 Billion in Revenue in Q1 2025
07/16/2025 | SEMIElectronic System Design (ESD) industry revenue increased 12.8% to $5,098.3 million in the first quarter of 2025 from the $4,521.6 million registered in the first quarter of 2024, the ESD Alliance, a SEMI Technology Community, announced in its latest Electronic Design Market Data (EDMD) report.
Japan’s OHISAMA Project Aims to Beam Solar Power from Space This Year
07/14/2025 | I-Connect007 Editorial TeamJapan could be on the cusp of making history with its OHISAMA project in its quest to become the first country to transmit solar power from space to Earth, The Volt reported.
Redwire Announces Addition of the Edge Autonomy Stalker Uncrewed Aerial System to DoD’s Blue List of Approved Drones
07/14/2025 | BUSINESS WIRERedwire Corporation, a global leader in aerospace and defense technology solutions, announced that the Stalker uncrewed aerial system (UAS), developed by Redwire’s wholly owned subsidiary Edge Autonomy, has been granted an Authority to Operate (ATO) and is now on the Defense Innovation Unit (DIU) Blue UAS List.
OSI Systems Receives $34 Million Contract for Cargo and Vehicle Inspection Systems
07/11/2025 | BUSINESS WIREOSI Systems, Inc. announced that its Security division has been awarded a contract worth approximately $34 million by an international customer.
Microchip Expands Space-Qualified FPGA Portfolio with New RT PolarFire® Device Qualifications and SoC Availability
07/10/2025 | MicrochipContinuing to support the evolving needs of space system developers, Microchip Technology has announced two new milestones for its Radiation-Tolerant (RT) PolarFire® technology: MIL-STD-883 Class B and QML Class Q qualification of the RT PolarFire RTPF500ZT FPGA and availability of engineering samples for the RT PolarFire System-on-Chip (SoC) FPGA.