Satellite navigation users at risk for false messages

IDG News Service - Two security experts have discovered a way to inject false messages -- some amusing and others potentially frightening -- into car satellite navigation systems.

Andrea Barisani, chief security engineer for Inverse Path Ltd. and Daniele Bianco, a hardware hacker at Inverse Path, used off the shelf equipment to transmit messages to their car satellite navigation system warning of conditions ranging from foggy weather to terrorist attacks. They presented their findings on Friday at CanSecWest a security conference taking place this week in Vancouver.

Barisani and Bianco sent the messages over RDS (Radio Data System), a standard created in Europe but also used in North America that allows FM radio stations to transmit data over a sliver of spectrum that runs along every FM channel. RDS can contain information such as the name of the radio station. It can also transmit traffic information.

Over the past couple of years, satellite navigation systems have begun receiving that data so that users are alerted to traffic or weather conditions, Barisani said.

Barisani and Bianco found that they could build a device that transmits over the RDS channel. Through trial and error, they discovered that transmitting certain code numbers translates into certain warnings that are displayed on the satellite navigation system.

Some were amusing. One code number alerts users that there's a bull fight in progress. Another one indicates delays due to a parade.

But some weren't so funny. One tells users that there has been a terrorist incident. Another indicates a bomb alert and another an air crash.

The researchers demonstrated this capability in order to spread awareness that this type of hack could happen maliciously. Barisani advises satellite navigation users that if they ever see an alarming message on their device, "don't freak out immediately, listen to the news on the radio to get confirmation."

They found that the RDS data isn't authenticated or encrypted, which allowed them to broadcast the data to be picked up by any satellite navigation systems. Most satellite navigation devices cycle through the FM channels looking for the traffic data that could be broadcast over RDS, Barisani said. A hacker could obscure an existing station, like a man-in-the-middle attack, in order to transmit what they want. Or, a hacker could also transmit over an unused channel, he said.

Satellite navigation systems that are built into cars aren't easy for users to upgrade, so Barisani doesn't expect the manufacturers to be able to make any changes that could prevent this type of attack. But he hopes that future standards might address the issue.

Related News and Discussion:

• Two charged with hacking LA traffic lights
• Sharon Machlis: Hacking electronic voting machines
• CJ Kelly: Hacking Stupidity 101: Never hack from home

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.