Can an MP3 hack your car?

Mar 18, 2011 by Katie Gatto weblog

(PhysOrg.com) -- The idea that someone can get into your car without your permission isn't a new one. It's about as old as the coat hanger, but that was back in the days when you locks had a pull up button. We tend to think that digital car locks are safer, because it takes a higher level of sophistication to get into them, when Physorg reported on it in January, it was security professionals who were stealing the cars, but now it may be easier to boost you car, with the most innocuous of devices.

Researchers at the University of California, San Diego led by Stefan Savage, and Tadayoshi Kohno of the University of Washington, who have been looking at the vulnerabilities in electronic vehicle controls have found that cars that are built to be compatible with Bluetooth have the potential to be hacked using that connection.

The Bluetooth connection, which is designed to let your car and your phone work well together has the potential to be exploited in ways that would allow a less than scrupulous individual to upload to your car using an audio file. So, a song could literally give your car a virus. If you want to go one creepier, the researchers also found ways to pair the cars to a Bluetooth-enabled devices in order to execute that malicious code. So someone could be controlling your car, without you ever knowing it. The code can even be snuck in on an MP3. Burned onto a CD player, and put into your car. When the song is played becomes a and can then alter the car's firmware, giving it access to the car's key systems.

The researchers would not comment on which model of car they had conducted this research on, only that it was a 2009 sedan with fewer than the average car, but we do know it was not a luxury car.

Explore further: Skin icons can tap into promise of smartwatch

Related Stories

Beware of Hackers Controlling Your Automobile

May 18, 2010

(PhysOrg.com) -- A team of researchers led by Professor Stefan Savage from the University of California, San Diego and Tadayoshi Kohno from the University of Washington set out to see what it would take to ...

Car Buyers Say Silence Isn't Golden

Jul 12, 2005

The technology improvements that are giving us ever quieter cars are not proving popular with many car drivers. Car manufacturers now want to restore to the inside of a car the sounds their customers want ...

Jaguar Leaps into Luxury of Bluetooth Wireless Technology

Mar 14, 2005

Motorola, Inc. and Jaguar announced the availability of the Jaguar Bluetooth system – a new hands-free in-vehicle communication system using Bluetooth wireless technology – across all Jaguar 2005 model year vehicles. Once a J ...

Software patch makes car more fuel-efficient

Feb 28, 2007

A car wastes energy almost continuously. Whether it is running in first, second, or a higher gear, there is only one position of the accelerator that guarantees optimal performance. Accelerating a little less or a little ...

Finnish firms announce electric car plans

Aug 06, 2009

Finnish engineering company Metso's unit Valmet Automotive and utility Fortum said Thursday they will jointly develop an electric concept car to be shown at the Geneva Motor Show in March 2010.

Recommended for you

Skin icons can tap into promise of smartwatch

17 hours ago

You have heard it before: smartwatches are cool wearables but critics remind us of the fact that their small size makes many actions cumbersome and they question how many people will really have them on their ...

Japan firm showcases Bat-Signal of the future

Oct 20, 2014

A free-floating image created by firing lasers into thin air was unveiled in Japan on Monday, offering the possibility one day of projecting messages into a cloudless sky, as seen in Batman.

Do we want an augmented reality or a transformed reality?

Oct 14, 2014

It seems we are headed towards a world where augmented reality (AR) systems will be as common as smartphones are today – it's already about to revolutionise medicine, entertainment, the lives of disabled peop ...

Can it be real? Augmented reality melds work, play

Oct 14, 2014

(AP)—Mark Skwarek is surrounded by infiltrating militants in New York's Central Park. He shoots one, then hearing a noise from behind, spins to take down another. All of a sudden, everything flashes red. ...

User comments : 6

Adjust slider to filter visible comments by rank

Display comments: newest first

Tainted
not rated yet Mar 18, 2011
That's really cool. Someone keeps breaking into my dads Jeep and stealing his cds. He asked if I could put a virus on a burned cd to screw over whoever is stealing his cds. Now, that may be a possibility assuming the thief has a nice car and uses the cd.
6_6
5 / 5 (1) Mar 18, 2011
but it's relying on the fact the mp3 be loaded on a vulnerable device.. also do your poor dad a favor and buy him something better than a cd player lol
blazingspark
not rated yet Mar 18, 2011
This is silly, I've been in the IT industry for a while and I don't see how any device which plays audio files would suddenly start executing code. There is a big difference between reading and executing. Sounds like the implementation is buggy or this article is just taking advantage of scaring clueless people.
hard2grep
not rated yet Mar 19, 2011
I could see this a possibly true; The question is how the computer in the car is set up. If you can run diagnostics thru the cd player, then it is easy to take control of the computer. But.. I could have swore that the only way to boot the computer would be through an auxiliary dongle. You can use a disk to modify older xboxes, but I cannot see the auto industry leaving such a large hole in security in light of all the car modding available now.
BillFox
2 / 5 (1) Mar 19, 2011
This is silly, I've been in the IT industry for a while and I don't see how any device which plays audio files would suddenly start executing code. There is a big difference between reading and executing. Sounds like the implementation is buggy or this article is just taking advantage of scaring clueless people.


I am in the same industry as you are, and apparently you're not up to par with security vulnerabilities. I remember some 5 years ago when people could hack a cell phone within bluetooth range to charge them ten bucks a minute on any calls. Bluetooth allows an interface to your stereo but what is your deck wired to? Possibly other computer systems?
blazingspark
not rated yet Mar 22, 2011
I am in the same industry as you are, and apparently you're not up to par with security vulnerabilities. I remember some 5 years ago when people could hack a cell phone within bluetooth range to charge them ten bucks a minute on any calls. Bluetooth allows an interface to your stereo but what is your deck wired to? Possibly other computer systems?
I am well aware of security vulnerabilities. Still playing mp3's is very different to hacking a wireless network connection like bluetooth. Network connections provide access to services which execute code - providing many openings to exploit.
In a properly implemented system the bluetooth interface would be limited in what it can do on the hardware level. Why would a stereo need access to the cars central locking mechanism?
Also, this article was talking about hacking via an mp3 file. This is very different.. What kind of mp3 player executes code embedded in an mp3? It would just detect it is a damaged file and stop the playback!