Hack Threat Cited for Cars Connected to Smartphones

A protocol standard carmakers often use to link a vehicle’s infotainment systems with the driver’s smartphone could enable hackers to access sensitive safety systems, according to researchers.

The team was led by Damon McCoy, an assistant professor of computer science and engineering at NYU’s Tandon School of Engineering, and included students at George Mason University. They reported their findings at the USENIX Workshop on Offensive Technologies in Austin, Tex., earlier this month.

The group found vulnerabilities in MirrorLink, a system created by the auto industry’s Connected Car Consortium. The software can be found even in cars whose producers opt for another linking protocol. In the latter case, simple and publicly accessible instructions explain how to unlock MirrorLink within the vehicle’s infotainment system. From there, the researchers say, a hacker can access vestigial software support features that had been disabled by the manufacturer.

The team did exactly that with an unspecified 2015 model car. They say such access can enable a hacker with a smartphone to send malicious messages to the vehicle’s internal network and disrupt such systems as the antilock brakes. The group urges carmakers to address the vulnerability before MirrorLink becomes more widely used.