Can an MP3 hack your car?

March 18, 2011 by Katie Gatto

(PhysOrg.com) -- The idea that someone can get into your car without your permission isn't a new one. It's about as old as the coat hanger, but that was back in the days when you locks had a pull up button. We tend to think that digital car locks are safer, because it takes a higher level of sophistication to get into them, when Physorg reported on it in January, it was security professionals who were stealing the cars, but now it may be easier to boost you car, with the most innocuous of devices.

Researchers at the University of California, San Diego led by Stefan Savage, and Tadayoshi Kohno of the University of Washington, who have been looking at the vulnerabilities in electronic vehicle controls have found that cars that are built to be compatible with Bluetooth wireless technology have the potential to be hacked using that connection.

The Bluetooth connection, which is designed to let your car and your phone work well together has the potential to be exploited in ways that would allow a less than scrupulous individual to upload malicious code to your car using an audio file. So, a song could literally give your car a virus. If you want to go one creepier, the researchers also found ways to pair the cars to a Bluetooth-enabled devices in order to execute that malicious code. So someone could be controlling your car, without you ever knowing it. The code can even be snuck in on an MP3. Burned onto a CD player, and put into your car. When the song is played becomes a Trojan Horse and can then alter the car's firmware, giving it access to the car's key systems.

The researchers would not comment on which model of car they had conducted this research on, only that it was a 2009 sedan with fewer computer systems than the average car, but we do know it was not a luxury car.

- Tweet
- PHYSorg.com on Twitter

- Reddit
- Delicious
- Yahoo! bookmarks
- RSS
- QR code

view popular send feedback to editors

3.3 /5 (3 votes)

Move the slider to adjust rank threshold, so that you can hide some of the comments.

Display comments: newest first

Tainted
Mar 18, 2011

Rank: not rated yet

That's really cool. Someone keeps breaking into my dads Jeep and stealing his cds. He asked if I could put a virus on a burned cd to screw over whoever is stealing his cds. Now, that may be a possibility assuming the thief has a nice car and uses the cd.

6_6
Mar 18, 2011

Rank: 5 / 5 (1)

but it's relying on the fact the mp3 be loaded on a vulnerable device.. also do your poor dad a favor and buy him something better than a cd player lol

blazingspark
Mar 18, 2011

Rank: not rated yet

This is silly, I've been in the IT industry for a while and I don't see how any device which plays audio files would suddenly start executing code. There is a big difference between reading and executing. Sounds like the implementation is buggy or this article is just taking advantage of scaring clueless people.

hard2grep
Mar 19, 2011

Rank: not rated yet

I could see this a possibly true; The question is how the computer in the car is set up. If you can run diagnostics thru the cd player, then it is easy to take control of the computer. But.. I could have swore that the only way to boot the computer would be through an auxiliary dongle. You can use a disk to modify older xboxes, but I cannot see the auto industry leaving such a large hole in security in light of all the car modding available now.

BillFox
Mar 19, 2011

Rank: 2 / 5 (1)

This is silly, I've been in the IT industry for a while and I don't see how any device which plays audio files would suddenly start executing code. There is a big difference between reading and executing. Sounds like the implementation is buggy or this article is just taking advantage of scaring clueless people.

I am in the same industry as you are, and apparently you're not up to par with security vulnerabilities. I remember some 5 years ago when people could hack a cell phone within bluetooth range to charge them ten bucks a minute on any calls. Bluetooth allows an interface to your stereo but what is your deck wired to? Possibly other computer systems?

blazingspark
Mar 22, 2011

Rank: not rated yet

I am in the same industry as you are, and apparently you're not up to par with security vulnerabilities. I remember some 5 years ago when people could hack a cell phone within bluetooth range to charge them ten bucks a minute on any calls. Bluetooth allows an interface to your stereo but what is your deck wired to? Possibly other computer systems?

I am well aware of security vulnerabilities. Still playing mp3's is very different to hacking a wireless network connection like bluetooth. Network connections provide access to services which execute code - providing many openings to exploit.
In a properly implemented system the bluetooth interface would be limited in what it can do on the hardware level. Why would a stereo need access to the cars central locking mechanism?
Also, this article was talking about hacking via an mp3 file. This is very different.. What kind of mp3 player executes code embedded in an mp3? It would just detect it is a damaged file and stop the playback!

Rank

3.3 /5 (3 votes)

more news

Can an MP3 hack your car?

Filter

Beware of Hackers Controlling Your Automobile

Sony Bluetooth car stereo comes to Canada

Car Buyers Say Silence Isn't Golden

Jaguar Leaps into Luxury of Bluetooth Wireless Technology

More news stories

SpotterRF debuts Radar Backpack Kit (w/ Video)

Probability of contamination from severe nuclear reactor accidents is higher than expected: study

Delphi gasoline-injection engine technique rivals hybrid's edge

HyperSolar shows dirty water no barrier to power world

Tesla to launch electric sedan in US on June 22

Dell tablet leak: 10.1-inch display, two-battery choice

Scientist: Evolution debate will soon be history

SpaceX capsule has 'new car' smell, astronauts say (Update)

Keep food safety in mind this memorial day weekend

Thousands of shellfish found dead in Peru

Astronomers seize last chance in lifetime for Venus Transit