Language Selection

English French German Italian Portuguese Spanish

Linux Bluetooth hackers hijack car audio

Filed under
Linux

inux hackers have demonstrated a way to inject or record audio signals from passing cars running insecure Bluetooth hands-free units. The Trifinite group showed how hackers could eavesdrop on passing motorists using a directional antenna and a Linux Laptop running a tool it has developed called Car Whisperer.

The software was demonstrated during a Bluetooth Security talk at last week's What the Hack hacker festival in The Netherlands. Trifinite has developed a specialism in unearthing Bluetooth security shortcomings, the latest of which illustrates implementation problems rather than more deep-seated security concerns with the protocol. Car Whisperer only works because many car manufacturers use standard Bluetooth passkeys such as "0000" or "1234" which are easy to guess. "This is often is the only authentication that is needed to connect," according to Trifinite.

Once connected hackers can interact with other drivers or even eavesdrop conversations from inside other cars by accessing the microphone. And that's just for starters.

"Since the attacker's laptop is fully trusted once it has a valid link key, the laptop could be used in order to access all the services offered on the hands-free unit. Often, phone books are stored in these units. I am quite certain that there will be more issues with the security of these systems due to the use of standard pass keys," Trifinite notes.

By John Leyden
theregister

More in Tux Machines

Google Fixed GHOST Exploit in Chrome OS in 2014 and Didn't Tell Anyone

Details about a GLIBC vulnerability were published a couple of days ago by a company called Qualys, and the distributions using it have already received patches. Now, it seems that Google knew about this problem, patched it in ChromeOS a year ago, and forgot to say anything to anyone. Read more

ESA implements open source based private cloud infrastructure

The European Space Agency (ESA) has implemented a private cloud infrastructure to offer IT services to its user communities. The datacentre in Frascati, Italy, is already operational, while a second datacentre in Darmstadt, Germany, has just been completed. Read more

Today in Techrights

A small note on window decorations

If you have updated to the recently released GNOME development version, you may have noticed that some window decorations look slightly different. Of course it is quite normal for the theme to evolve with the rest of GNOME, but in this case the visual changes are actually the result of some bigger changes under the hood which deserve some more explanation. It is well-known that GTK+ gained support for client-side decorations a while ago – after all, most GNOME applications were quick in adopting custom titlebars, which have become one of the most distinguished patterns of GNOME 3 applications. However it is less well-known that client-side decorations may also be used for windows with no custom decorations, namely when using GDK’s wayland backend. Read more