Communications of the ACM
Researchers Find Vulnerabilities in Cars Connected to Smartphones
Researchers at New York and George Mason universities have uncovered vulnerabilities in MirrorLink, a system of rules that enable vehicles to communicate with smartphones.
Credit: New York University
Researchers at New York (NYU) and George Mason universities have found vulnerabilities in MirrorLink, a system of rules that enable vehicles to communicate with smartphones.
MirrorLink, created by the Connected Car Consortium, is the leading industry standard for connecting smartphones to in-vehicle infotainment (IVI) systems. However, some automakers disable MirrorLink because they chose a different smartphone-to-IVI standard, or because the version of MirrorLink in their vehicles is a prototype that can be activated later.
The researchers found MirrorLink is easy to enable, and when unlocked can allow hackers to use a linked smartphone to control safety-critical components, such as the anti-lock braking system.
People or companies that customize automobiles, known as "tuners," might unwittingly enable hackers by unlocking insecure features, the researchers warn.
"Tuners will root around for these kinds of prototypes, and if these systems are easy to unlock they will do it," says NYU professor Damon McCoy.
The researchers used publicly available instructions to unlock MirrorLink on the in-vehicle infotainment system in a 2015 vehicle they purchased from eBay for the experiment.
From New York University
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA
No entries found