Two security experts have discovered a way to inject false messages - some amusing and others potentially frightening - into car satellite navigation (satnav) systems.
Andrea Barisani, chief security engineer for Inverse Path, and Daniele Bianco, a hardware hacker at Inverse Path, used off-the-shelf equipment to transmit messages to their car satnav system warning of conditions ranging from foggy weather to terrorist attacks. They presented their findings on Friday at CanSecWest a security conference taking place this week in Vancouver.
Barisani and Bianco sent the messages over RDS (Radio Data System), a standard created in Europe but also used in North America that allows FM radio stations to transmit data over a sliver of spectrum that runs along every FM channel. RDS can contain information such as the name of the radio station. It can also transmit traffic information.
Over the past couple of years, satnav systems have begun receiving that data so that users are alerted to traffic or weather conditions, Barisani said.
Barisani and Bianco found that they could build a device that transmits over the RDS channel. Through trial and error, they discovered that transmitting certain code numbers translates into certain warnings that are displayed on the satnav system.
Some were amusing. One code number alerts users that there's a bull fight in progress. Another one indicates delays due to a parade.
But some weren't so funny. One tells users that there has been a terrorist incident. Another indicates a bomb alert and another an air crash.
The researchers demonstrated this capability in order to spread awareness that this type of hack could happen maliciously. Barisani advises satnav users that if they ever see an alarming message on their device, "don't freak out immediately, listen to the news on the radio to get confirmation”.
They found that the RDS data isn't authenticated or encrypted, which allowed them to broadcast the data to be picked up by any satnav systems. Most satnav devices cycle through the FM channels looking for the traffic data that could be broadcast over RDS, Barisani said. A hacker could obscure an existing station, like a man-in-the-middle attack, in order to transmit what they want. Or, a hacker could also transmit over an unused channel, he said.
Satnav systems that are built into cars aren't easy for users to upgrade, so Barisani doesn't expect the manufacturers to be able to make any changes that could prevent this type of attack. But he hopes that future standards might address the issue.
See PC Advisor's Satellite Navigation buyers guide.