efeefe

The Five Coolest Hacks of 2007 - Desktop Security News Analysis - Dark Reading

The Five Coolest Hacks of 2007
1. The car navigation system

DECEMBER 31, 2007 | A pair of Italian researchers earlier this year drove right through holes they discovered in some car navigation systems — vulnerabilities that would let an attacker inject phony messages into the system or launch a denial-of-service attack against it. (See Hacking the Car Navigation System.)

Andrea Barisani, chief security engineer of Inverse Path, and Daniele Bianco, hardware hacker for Inverse Path, built tools for hacking satellite-based navigation systems that use Radio Data System-Traffic Message Channel (RDS-TMC) to receive traffic broadcasts and emergency messages. RDS-TMC is popular in vehicle navigation systems sold in Europe, and has been catching on in North America as well.

RDS-TMC provides broadcasts on traffic conditions, accidents, and detours for the driver. Its main weakness: It doesn’t authenticate where the traffic comes from, the researchers say. That leaves the door wide open for a bad guy to reroute drivers to a detour, or to overwhelm it with a DDOS, killing the navigation system as well as its climate-control system and stereo.

The researchers tested their hardware and software tools with a one- to five-kilometer radius of the targeted vehicles, but they say an attacker could target a specific vehicle by adding a directional antenna, for instance. The good news is there are some emerging navigation-system technologies that may be safer — including one that will include encryption, although that’s at least five years out.

So how can you tell if your navigation system has been hacked? There’s not much you can do until it’s too late and your AC and stereo are out, and you’re sitting on a hot and dusty, deserted road nowhere near Starbucks.