Your Privacy Could Be Leaking Out of Old Firmware in Your Car
Hackers could use the infotainment system in your car to steal private information from a phone it paired with at one point in the past. Researchers have shown that the on-board entertainment computer in at least one car make and model stores personal data persistently and suffers from weaknesses that allow exfiltration through the built-in Wi-Fi component.
At the DefCamp security conference in Bucharest, Romania, security researchers Gabriel Cirlig and Stefan Tanase from Ixia presented their discovery that the infotainment system in a car they tested hoarded the information it took from a phone during synchronization and permitted silent extraction. They pulled out information including call history, contact lists, SMS messages, emails, GPS history, voice profiles and vehicle status (fuel consumption, average speed, driving style, how often you hit the brake). Files associated with applications on the phone, such as photos and audio, were also discovered in the car’s storage.
Cirlig said that the date of the pairing doesn’t matter because the car computer would transfer and store the data indefinitely whenever a phone connected to the infotainment system, to shorten future data synchronization times. This raises serious privacy concerns for people selling their car, because their details would pass to the new owner.
The researchers said that stealing the data was possible through the infotainment system’s autorun feature that kicks in when it finds a USB drive. This prompted them to write a script that executed automatically. A single line of code could be used to disable the firewall and dump sensitive data on the removable device. Since the vehicle comes with Wi-Fi capabilities, Cirlig said the script could also instruct the car to send the information via Wi-Fi to an attacker nearby.
Tanase said the infotainment system came with debugging tools – powerful utilities that interact directly with the code in the product, used for testing and error correction during development. The security expert believes they were added in the staging environment, a point in the deployment process that mirrors the actual production environment for final testing.
Relying on the autorun feature, the researchers enabled SSH (secure shell) communication with the car and could send commands with the highest privileges. A hacker could abuse the debugging tools to collect details of Wi-Fi networks the car finds as it drives through the city. This activity, known as wardriving, is usually done with a laptop or a smartphone to map networks and exploit vulnerabilities in them.
Cirlig and Tanase were encouraged in their work by previous research on car hacking, both from Charlie Miller and Chris Valasek on the Jeep Cherokee, and more recent work by Jay Turla (https://github.com/shipcod3/mazda_getInfo) on Mazda cars. The security researchers declined to disclose the name of the manufacturer or the model on the testbed, but said that they reported the problem to the maker, who fixed it. However, updating the infotainment system is done in dealerships or authorized car services, so many vehicles may still run the vulnerable firmware.