Language Selection

English French German Italian Portuguese Spanish

Linux Bluetooth hackers hijack car audio

Filed under
Linux

inux hackers have demonstrated a way to inject or record audio signals from passing cars running insecure Bluetooth hands-free units. The Trifinite group showed how hackers could eavesdrop on passing motorists using a directional antenna and a Linux Laptop running a tool it has developed called Car Whisperer.

The software was demonstrated during a Bluetooth Security talk at last week's What the Hack hacker festival in The Netherlands. Trifinite has developed a specialism in unearthing Bluetooth security shortcomings, the latest of which illustrates implementation problems rather than more deep-seated security concerns with the protocol. Car Whisperer only works because many car manufacturers use standard Bluetooth passkeys such as "0000" or "1234" which are easy to guess. "This is often is the only authentication that is needed to connect," according to Trifinite.

Once connected hackers can interact with other drivers or even eavesdrop conversations from inside other cars by accessing the microphone. And that's just for starters.

"Since the attacker's laptop is fully trusted once it has a valid link key, the laptop could be used in order to access all the services offered on the hands-free unit. Often, phone books are stored in these units. I am quite certain that there will be more issues with the security of these systems due to the use of standard pass keys," Trifinite notes.

By John Leyden
theregister

More in Tux Machines

NVIDIA Linux Performance-Per-Dollar: What The RX 480 Will Have To Compete Against

There's a lot of benchmarking going on this weekend at Phoronix in preparation for next week's Radeon RX 480 Linux review. Here are some fresh results on the NVIDIA side showing the current performance-per-dollar data for the NVIDIA Maxwell and Pascal graphics cards for seeing what the RX 480 "Polaris 10" card will be competing against under Linux. Read more

RaspAnd Project Brings Android 6.0 Marshmallow to Raspberry Pi 3, Now with GAAPS

Android-x86 and GNU/Linux developer Arne Exton has informed Softpedia today, June 25, 2016, about the immediate availability of a new build of his RaspAnd distribution for Raspberry Pi single-board computers. RaspAnd Build 160625 is the first to move the Android-x86-based distro to the latest Android 6.0.1 Marshmallow mobile operating system created by Google. And in the good tradition of the RaspAnd project, both Raspberry Pi 3 Model B and Raspberry Pi 2 Model B are supported. Read more

BSD Leftovers

  • FreeBSD 11.0 Alpha 5 Released, Schedule So Far Going On Track
    The fifth alpha release of the huge FreeBSD 11.0 operating system update is now available for testing. FreeBSD 11.0 is bringing updated KMS drivers, Linux binary compatibility layer improvements, UEFI improvements, Bhyve virtualization improvements, and a wide range of other enhancements outlined via the in-progress release notes.
  • DragonFly's HAMMER2 File-System Sees Some Improvements
    The HAMMER2 file-system is going on four years in development by the DragonFlyBSD crew, namely by its founder Matthew Dillon. It's still maturing and taking longer than anticipated, but this is yet another open-source file-system.

Debian GNU/Linux 9 "Stretch" to Ship with GCC 6 by Default, Binutils 2.27

Debian developer Matthias Klose has announced that the new GCC 6 compiler, which will be made the default GCC compiler for the upcoming Debian GNU/Linux 9 "Stretch" operating system, is now available in the Debian Testing repos. Debian users who are currently using Debian Testing can make GCC 6 the default compiler by installing the gcc/g++ packages from experimental. If installing it, they are also urged to help fix reported built failures in Debian Testing and Debian Unstable. Read more