acm-header
Sign In

Communications of the ACM

ACM TechNews

Researchers Find Vulnerabilities in Cars Connected to Smartphones


View as: Print Mobile App Share:
Hardware setup in which an Android phone is integrated with the head unit of a 2015 model vehicle (upper left).

Researchers at New York and George Mason universities have uncovered vulnerabilities in MirrorLink, a system of rules that enable vehicles to communicate with smartphones.

Credit: New York University

Researchers at New York (NYU) and George Mason universities have found vulnerabilities in MirrorLink, a system of rules that enable vehicles to communicate with smartphones.

MirrorLink, created by the Connected Car Consortium, is the leading industry standard for connecting smartphones to in-vehicle infotainment (IVI) systems. However, some automakers disable MirrorLink because they chose a different smartphone-to-IVI standard, or because the version of MirrorLink in their vehicles is a prototype that can be activated later.

The researchers found MirrorLink is easy to enable, and when unlocked can allow hackers to use a linked smartphone to control safety-critical components, such as the anti-lock braking system.

People or companies that customize automobiles, known as "tuners," might unwittingly enable hackers by unlocking insecure features, the researchers warn.

"Tuners will root around for these kinds of prototypes, and if these systems are easy to unlock they will do it," says NYU professor Damon McCoy.

The researchers used publicly available instructions to unlock MirrorLink on the in-vehicle infotainment system in a 2015 vehicle they purchased from eBay for the experiment.

From New York University
View Full Article

 

Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account