Researchers Find Vulnerabilities in Cars Connected to Smartphones
September 2, 2016 | NYU Tandon
Many of today's automobiles leave the factory with secret passengers: prototype software features that are disabled but that can be unlocked by clever drivers.
In what is believed to be the first comprehensive security analysis of its kind, Damon McCoy, an assistant professor of computer science and engineering at the NYU Tandon School of Engineering, and a group of students at George Mason University found vulnerabilities in MirrorLink, a system of rules that allow vehicles to communicate with smartphones.
MirrorLink, created by the Connected Car Consortium, which represents 80% of the world's automakers, is the first and leading industry standard for connecting smartphones to in-vehicle infotainment (IVI) systems. However, some automakers disable it because they chose a different smartphone-to-IVI standard, or because the version of MirrorLink in their vehicles is a prototype that can be activated later.
McCoy and his colleagues found that MirrorLink is relatively easy to enable, and when unlocked can allow hackers to use a linked smartphone as a stepping stone to control safety-critical components such as the vehicle's anti-lock braking system. McCoy explained that "tuners" - people or companies who customize automobiles - might unwittingly enable hackers by unlocking insecure features.
"Tuners will root around for these kinds of prototypes, and if these systems are easy to unlock they will do it," he said. "And there are publicly available instructions describing how to unlock MirrorLink. Just one of several instructional videos on YouTube has gotten over 60,000 views." The researchers used such publicly available instructions to unlock MirrorLink on the in-vehicle infotainment system in a 2015 vehicle they purchased from eBay for their experiments.
The automaker and supplier declined to release a security patch - reflecting the fact that they never enabled MirrorLink. McCoy pointed out that this could leave drivers who enable MirrorLink out on a limb.
The authors hope their research, presented at the 10th USENIX Workshop on Offensive Technologies (WOOT '16) in Austin, Texas, will raise the issue of drivers unlocking potentially insecure features before IVI protocols such as MirrorLink are even more widely deployed.