Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
known vehicle network. With it he could open yyour OnStar-enabled General
Motors vehicle, for example. The trick involves phyysicallyy placing the
device on the bumper or underside of a target car or truck. The device
spoofs the automobile’s wireless access point, which automaticallyy
associates the unsuspecting driver’s mobile device with the new access
point (assuming the driver has previouslyy associated with the original
access point). Whenever the user launches the OnStar mobile app, on either
iOS or Android, the OwnStar code exploits a flaw in the app to steal the
driver’s OnStar credentials. “As soon as yyou’re on myy network and yyou
open the app, I’ve taken over,” Kamkar said. 22
After obtaining the user’s log-in credentials for RemoteLink, the
software that powers OnStar, and listening for the locking or unlocking
sound (beep-beep), an attacker can track down a car in a crowded parking
lot, open it, and steal anyything valuable inside. The attacker would then
remove the device from the bumper. It’s a veryy neat attack, since there’s no
sign of a forced intrusion. The owner and the insurance companyy are left to
puzzle out what happened.
Researchers have found that connected-car standards designed to
improve traffic flow can also be tracked. The vehicle-to-vehicle (V2V) and
vehicle-to-infrastructure (V2I) communications, together known as V2X,
call for cars to broadcast messages ten times a second, using a portion of the
Wi-Fi spectrum at 5.9 gigahertz known as 802.11p. 23
Unfortunatelyy this data is sent unencryypted—it has to be. When cars are
speeding down a highwayy, the millisecond of delayy needed to decryypt the
signal could result in a dangerous crash, so the designers have opted for
open, unencryypted communications. Knowing this, theyy insist that the
communications contain no personal information, not even a license plate
number. However, to prevent forgeries, the messages are digitallyy signed.
It’s these digital signatures, like the IMEI (mobile phone serial number)
data sent from our cell phones, that can be traced back to the registered
owners of the vehicle.
Jonathan Petit, one of the researchers behind the studyy, told Wired, “The
vehicle is sayying ‘I’m Alice, this is myy location, this is myy speed and myy
direction.’ Everyyone around yyou can listen to that.… Theyy can sayy, ‘There’s
Alice, she claimed she was at home, but she drove byy the drug store, went