If not redirected, please click here https://www.thesecuritybuddy.com/bluetooth-security/what-is-car-whisperer/
Car Whisperer is a hacking technique which can be used by attackers to hack handsfree Bluetooth in-car system and connect it to a Linux system to inject audio to or record audio from a bypassing car. Car Whisperer can easily be used by the attackers to invade privacy and listen to conversation inside a car and exploit that to illegitimate purposes.
What is Car Whisperer ?
Car Whisperer is a hacking technique which can be used by attackers to hack handsfree Bluetooth in-car system and connect it to a Linux system to inject audio to or record audio from a bypassing car. Car Whisperer can easily be used by the attackers to invade privacy and listen to conversation inside a car and exploit that to illegitimate purposes.
Who found Car Whisperer ?
Car Whisperer was found by a group of
European wireless security experts called Trifinite Group in 2005.
This software was developed by Trifinite Group as a proof of concept
to illustrate the vulnerabilities of handsfree Bluetooth in-car
system.
How is Car Whisperer Attack perpetrated ?
Car Whisperer software takes advantage
of the fact that most of the handsfree in-car Bluetooth systems need a
simple four-digit security key, which in most cases is '0000' or
'1234'. Many car manufacturers use the same security key for all
their Bluetooth systems and this security key is enough for granting
permission of accessing the devices. And, this results in the
vulnerability using which Car Whisperer Attack can be perpetrated.
To perpetrate Car Whisperer Attack, the
attacker needs a Linux laptop and a few easily available hardware
like directional antenna.
Normally, the range of Bluetooth is
limited to few meters only. But, there is a technique called
Bluesniping which can be used by the attackers to track a Bluetooth
system up to a mile distance, using a specialized hardware called
BlueSniping Gun. This BlueSniping Gun can easily be made with a few
hardware pieces like Folding
Stock, Yagi Antenna and Linux powered embedded PC. You can find more
information on Bluesniping here : Bluesniping.
Using
this specialized hardware, the attacker can hack the Bluetooth system
in the car and connect it with a Linux laptop. After that, they can
inject audio to the system or record conversation within the car.
Purpose of Car Whisperer Attack
As
discussed earlier, Car Whisperer Attack can be perpetrated by the
attackers to invade privacy and record conversation inside the car or
inject audio into the in-car Bluetooth system.
Till
now, experts could not confirm whether Car Whisperer Attack can be
used to do even more nefarious activities like disabling airbags or
brakes. But, experts do believe that there can be other implications
of this attack.
How to prevent Car Whisperer Attack ?
The
first option that we can think of preventing the attack is not to use
same pre-specified security code to all the cars. Without knowing the
security code, attackers cannot connect to the in-car Bluetooth
system.
There
is also another way to prevent this attack. You can keep your Bluetooth phone connected to the in-car Bluetooth device. Normally,
the in-car Bluetooth device can connect to only one device at a time.
So, if you keep your Bluetooth phone connected to the in-car
Bluetooth device while you are inside the car, it would not be
possible for the attacker to hack and connect to the in-car Bluetooth
system.
So,
beware of various vulnerabilities so that you can protect your
devices in a better way. And, stay safe, stay protected.
Read More
What are the security concerns of Internet TV ?
How can attackers use Juice Jacking to spread malware while charging devices in public charging kiosk ?
What is IoT Botnet and how is it used to make DDoS attacks ?
Infographic : How to prevent malware ?
Read More
What are the security concerns of Internet TV ?
How can attackers use Juice Jacking to spread malware while charging devices in public charging kiosk ?
What is IoT Botnet and how is it used to make DDoS attacks ?
Infographic : How to prevent malware ?
No comments:
Post a Comment