Control of Brakes, Safety- Components Are at Risk
Researchers from two universities have published a paper, A Security Analysis of an In-Vehicle Infotainment and App Platform, showing another way that smart cars may be hacked.
Damon McCoy, a New York University assistant professor of engineering, and students at George Mason University (GMU) spotlighted vulnerabilities in MirrorLink: the protocol connecting smartphones to auto infotainment systems.
[Check out other STEMRules pieces featuring cyber security.]
MirrorLink was created by the Connected Car Consortium (CCC). It represents auto and smartphone makers, and aftermarket consumer electronics sellers. The CCC never released a security patch for MirrorLink, as carmakers use different smartphone-to-IVI standards.
The researchers used online hacks to show how easily MirrorLink is unlocked, and controlled a 2015 vehicle purchased from eBay . Once open a linked phone can control many car systems. MirrorLink is also vulnerable, if not be relocked after a car is customized.
Sahar Mazloom is a co-author of the car security study. She is a PhD student, working in the Security Lab, in the GMU Department of Computer Science. Mazloom received both her MS (Honors) in Artificial Intelligence and her BS (Honors) in Computer Engineering from Azad University, Qazvin, Iran.
Her current research is on Secure Computation, Differential Privacy, Applied Cryptography, Application/Protocol Security Analysis, Reverse Engineering and Penetration Testing (Software & Hardware).
The NYU/GMU team’s research was funded by General Motors, the National Science Foundation, and the US Department of Homeland Security. The paper was presented, in August, at the 10th USENIX Workshop on Offensive Technologies (WOOT ’16) in Austin, Texas.
NYU Tandon School of Engineering. “Vulnerabilities found in cars connected to smartphones.” ScienceDaily. ScienceDaily, 1 September 2016. <www.sciencedaily.com/releases/2016/09/160901125240.htm>.
Tags: cyber security, cybersecurity