Hacking a Car Via the Driver's Smartphone

In a recently published paper "A Security Analysis of an In Vehicle Infotainment and App Platform", researchers from New York University and George Mason University unveiled the vulnerabilities posed by MirroLink, an industry standard for connecting smart


It is commonplace for car makers to allow the integration of trusted third-party apps with the IVI systems via smartphones, typically through a pair of apps, one that executes on the smartphone and one that executes on the IVI itself connected to the vehicle’s CAN bus.

"To what extent are these apps, protocols and underlining IVI implementations vulnerable to an attacker who might gain control of a driver’s smartphone?" Asked themselves the researchers led by Damon McCoy, an assistant professor of computer science and engineering at the NYU Tandon School of Engineering.

(See more...)