Language Selection

English French German Italian Portuguese Spanish

Linux Bluetooth hackers hijack car audio

Filed under
Linux

inux hackers have demonstrated a way to inject or record audio signals from passing cars running insecure Bluetooth hands-free units. The Trifinite group showed how hackers could eavesdrop on passing motorists using a directional antenna and a Linux Laptop running a tool it has developed called Car Whisperer.

The software was demonstrated during a Bluetooth Security talk at last week's What the Hack hacker festival in The Netherlands. Trifinite has developed a specialism in unearthing Bluetooth security shortcomings, the latest of which illustrates implementation problems rather than more deep-seated security concerns with the protocol. Car Whisperer only works because many car manufacturers use standard Bluetooth passkeys such as "0000" or "1234" which are easy to guess. "This is often is the only authentication that is needed to connect," according to Trifinite.

Once connected hackers can interact with other drivers or even eavesdrop conversations from inside other cars by accessing the microphone. And that's just for starters.

"Since the attacker's laptop is fully trusted once it has a valid link key, the laptop could be used in order to access all the services offered on the hands-free unit. Often, phone books are stored in these units. I am quite certain that there will be more issues with the security of these systems due to the use of standard pass keys," Trifinite notes.

By John Leyden
theregister

More in Tux Machines

Linux and Graphics

  • Linux Kernel 4.10 Now Available for Linux Lite Users, Here's How to Install It
    Minutes after the release of Linux kernel 4.10 last evening, Jerry Bezencon from the Linux Lite project announced that users of the Ubuntu-based distribution can now install it on their machines. Linux 4.10 is now the most advanced kernel branch for all Linux-based operating systems, and brings many exciting new features like virtual GPU support, better writeback management, eBPF hooks for cgroups, as well as Intel Cache Allocation Technology support for the L2/L3 caches of Intel processors.
  • Wacom's Intuos Pro To Be Supported By The Linux 4.11 Kernel
    Jiri Kosina submitted the HID updates today for the Linux 4.11 kernel cycle.
  • Mesa 13.0.5 Released for Linux Gamers with over 70 Improvements, Bug Fixes
    We reported the other day that Mesa 13.0.5 3D Graphics Library will be released this week, and it looks like Collabora's Emil Velikov announced it earlier this morning for all Linux gamers. Mesa 13.0.5 is a maintenance update to the Mesa 13.0 stable series of the open source graphics stack used by default in numerous, if not all GNU/Linux distributions, providing gamers with powerful drivers for their AMD Radeon, Nvidia, and Intel GPUs. It comes approximately three weeks after the Mesa 13.0.4 update.
  • mesa 13.0.5

Interview: Thomas Weissel Installing Plasma in Austrian Schools

With Plasma 5 having reached maturity for widespread use we are starting to see rollouts of it in large environments. Dot News interviewed the admin behind one such rollout in Austrian schools. Read more

today's leftovers

  • Top Lightweight Linux Distributions To Try In 2017
    Today I am going to discuss the top lightweight Linux distros you can try this year on your computer. Although you got yourself a prettyLinuxle linux already but there is always something new to try in Linux. Remember I recommend to try this distros in virtualbox firstly or with the live boot before messing with your system. All distro that I will mention here will be new and somewhat differ from regular distros.
  • [ANNOUNCE] linux-4.10-ck1 / MuQSS CPU scheduler 0.152
  • MSAA Compression Support For Intel's ANV Vulkan Driver
    Intel developer Jason Ekstrand posted a patch over the weekend for enabling MSAA compression support within the ANV Vulkan driver.
  • Highlights of YaST development sprint 31
    As we announced in the previous report, our 31th Scrum sprint was slightly shorter than the usual ones. But you would never say so looking to this blog post. We have a lot of things to talk you about!
  • Comparing Mobile Subscriber Data Across Different Sources - How accurate is the TomiAhonen Almanac every year?
    You’ll see that last spring I felt the world had 7.6 Billion total mobile subscriptions when machine-to-machine (M2M) connections are included. I felt the world had 7.2 Billion total subscriptions when excluding M2M and just counting those in use by humans. And the most relevant number (bottom line) is the ‘unique’ mobile users, which I felt was an even 5.0 Billion humans in 2015. The chart also has the total handsets-in-use statistic which I felt was 5.6 Billion at the end of 2015. Note that I was literally the first person to report on the distinction of the unique user count vs total subscriptions and I have been urging, nearly begging for the big industry giants to also measure that number. They are slowly joining in that count. Similarly to M2M, we also are now starting to see others report M2M counts. I have yet to see a major mobile statistical provider give a global count of devices in use. That will hopefully come also, soon. But lets examine these three numbers that we now do have other sources, a year later, to see did I know what I was doing.

Leftovers: Gaming