Sunday, February 14, 2016

What is Car Whisperer ?





What is Car Whisperer ?


Car Whisperer is a hacking technique which can be used by attackers to hack handsfree Bluetooth in-car system and connect it to a Linux system to inject audio to or record audio from a bypassing car. Car Whisperer can easily be used by the attackers to invade privacy and listen to conversation inside a car and exploit that to illegitimate purposes.

Who found Car Whisperer ?


Car Whisperer was found by a group of European wireless security experts called Trifinite Group in 2005. This software was developed by Trifinite Group as a proof of concept to illustrate the vulnerabilities of handsfree Bluetooth in-car system.


How is Car Whisperer Attack perpetrated ?


Car Whisperer software takes advantage of the fact that most of the handsfree in-car Bluetooth systems need a simple four-digit security key, which in most cases is '0000' or '1234'. Many car manufacturers use the same security key for all their Bluetooth systems and this security key is enough for granting permission of accessing the devices. And, this results in the vulnerability using which Car Whisperer Attack can be perpetrated.

To perpetrate Car Whisperer Attack, the attacker needs a Linux laptop and a few easily available hardware like directional antenna.

Normally, the range of Bluetooth is limited to few meters only. But, there is a technique called Bluesniping which can be used by the attackers to track a Bluetooth system up to a mile distance, using a specialized hardware called BlueSniping Gun. This BlueSniping Gun can easily be made with a few hardware pieces like Folding Stock, Yagi Antenna and Linux powered embedded PC. You can find more information on Bluesniping here : Bluesniping.


Using this specialized hardware, the attacker can hack the Bluetooth system in the car and connect it with a Linux laptop. After that, they can inject audio to the system or record conversation within the car.


Purpose of Car Whisperer Attack


As discussed earlier, Car Whisperer Attack can be perpetrated by the attackers to invade privacy and record conversation inside the car or inject audio into the in-car Bluetooth system.

Till now, experts could not confirm whether Car Whisperer Attack can be used to do even more nefarious activities like disabling airbags or brakes. But, experts do believe that there can be other implications of this attack.


How to prevent Car Whisperer Attack ?


The first option that we can think of preventing the attack is not to use same pre-specified security code to all the cars. Without knowing the security code, attackers cannot connect to the in-car Bluetooth system.

There is also another way to prevent this attack. You can keep your Bluetooth phone connected to the in-car Bluetooth device. Normally, the in-car Bluetooth device can connect to only one device at a time. So, if you keep your Bluetooth phone connected to the in-car Bluetooth device while you are inside the car, it would not be possible for the attacker to hack and connect to the in-car Bluetooth system.



No comments:

Post a Comment