The Next Kind of Bluetooth Threat: Car Whispering

My Bluetooth security friend Martin Herfurt is at it again, this time revealing vulnerabilities with Bluetooth-enabled cars that would allow

attackers to inject audio data into the car. This could be fake traffic announcements or nice words. Attackers are also able to eavesdrop conversations among people sitting in the car.

This is done via what Martin calls ‘carwhispering’ — using the standard passkeys (0000, 8888 or 1234, for example) in pairing in-car Bluetooth appliances without displays or keyboards. An attacker could stand on a bridge or in a nearby car and, using either short-range or longer-range Bluetooth antennae, tap into the Bluetooth device:

Cw_car

This may sound trivial, but of course it could be very effective. With phishing becoming much more targetted, I could well imagine this kind of thing proving useful to those involved in commercial espionage or targetted theft from companies or individuals. At the very least you could drive the occupants of the car to distraction by beaming The Wombles at them until they swerve up an embankment.

Good stuff, Martin.

02. August 2005 by jeremy
Categories: Bluetooth, Security | Tags: , , , , | 2 comments

Comments (2)

  1. Pingback: Canuckflack

  2. Pingback: Canuckflack