Feeds

Satnav hacking made simple

Create your own traffic jam, bull fight or air raid

Using blade systems to cut costs and sharpen efficiencies

CanSecWest A pair of hackers have demonstrated a way to spoof travel information messages displayed on satellite navigation systems used by Italian drivers to bypass accidents, traffic jams and plot the most efficient routes from one point to another.

The hack is so simple it's hard to believe no one has shown it off before. It uses inexpensive, off-the-shelf gear to inject RDS-TMC (radio data system-traffic message channel) data that is digitally coded into FM signals that many satnav systems use to receive travel information in real time. While the technique could be used for ill intent, Andrea Barisani, one of two researchers from Inverse Path who presented the hack at the CanSecWest conference in Vancouver, swears his goals were much more benign.

"The whole point is you can actually get laid," Barisani declared. He was alluding to video he had just rolled depicting Daniele Bianco, Barisani's partner in the demo, ambling down an unpaved road with a ravishing young woman. Based on the input from their 2006 Honda's integrated natsav, the two become stranded in the middle of nowhere. Upon learning an evil hacker brandishing an FM antenna is responsible, the young woman, so impressed with his power, quickly takes up with him.

Beyond an RDS encoder (price tag: $40), an FM transmitter and a hand-held antenna, the hackers needed the codes used to denote a particular event (e.g. an accident, parade or bull fight), and the event's location - information that can be easily learned from online sources. The strength of the FM signal can be augmented for long-range hacks that target a large number of drivers or more narrowly for those that aim to single out someone in particular.

Depending on the event invoked, the driver may receive a pop up notification (e.g. airplane crash or bomb alert), or the notification may not be displayed. But even in the latter case, the spoofed alert has the potential to mislead a satnav user. For example, an injection reporting a road has been closed will cause the satnav to recalculate a route to avoid the closure.

The injection is trivial to carry out. While TMC specs employ encryption, it is used for discrimination and not authentication, and the key can be broken by sampling a small amount of data. Also facilitating injection: terminals that use encryption are still expected to accept unencrypted data.

In addition to the FM band, TMC is also supported over digital audio broadcast and satellite radio, but those mediums are likely harder to exploit for injections. Microsoft DirectBand, an FM subcarrier used for MSN Direct, is a closed system that employs more robust encryption, also making it look promising, Barisani said. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.