Verder naar navigatie Doorgaan naar hoofdinhoud Ga naar de voettekst

Broadcasting your attack – DAB security

28 juli 2015

door Andy Davis

Digital Audio Broadcasting (DAB) radio receivers can be found in many new cars and are often integrated into what has become known as the “infotainment system” – typically a large screen in the dashboard that the vehicle occupants interact with to control anything from what music is playing, to making phone calls, to viewing vehicle diagnostic information.

In many cases the infotainment system is connected to the same network as computers that control physical aspects of the vehicle e.g. steering and braking. This is because automated functionality is becoming more common in modern vehicles – the ability to automatically park a vehicle at the press of a button requires a computer to be able to electronically control the steering. These are known as “cyber-physical” systems as there is computer (cyber) control of what was traditionally, a manual, physical process such as steering the vehicle. Therefore, an attacker who finds a way to gain control of an infotainment system can in many cases use that platform to attack more sensitive, safety-critical vehicle functions.

DAB radio is significantly more feature-rich than its predecessor (FM). Although FM could broadcast simple textual messages such as the radio station name via the Radio Data System (RDS), DAB broadcasts can include much more text, with international langue support, images, web pages and even video.

All of this complexity increases the “attack surface” (number of avenues of attack) of a receiver and these attack opportunities are what will be discussed in my upcoming Black Hat USA 2015 talk:

https://www.blackhat.com/us-15/briefings.html#broadcasting-your-attack-security-testing-dab-radio-in-cars

Note: All of our DAB research has been conducted in accordance with the relevant laws. Our radio transmitter is connected via an appropriate attenuator (to simulate a wireless signal path) directly to the receiver under test so that no signals are actually broadcast wirelessly. Furthermore, where we have tested safety systems such as automated braking, this has been performed in a controlled environment and not on public roads. 

Published date:  28 July 2015

Written by:  Andy Davis