Broadcasting your attack – DAB security
This presentation was presented at Black Hat USA 2015
Digital Audio Broadcasting (DAB) radio receivers can be found in many new cars and are often integrated into what has become known as the “infotainment system” – typically a large screen in the dashboard that the vehicle occupants interact with to control anything from what music is playing, to making phone calls, to viewing vehicle diagnostic information.
In many cases the infotainment system is connected to the same network as computers that control physical aspects of the vehicle e.g. steering and braking. This is because automated functionality is becoming more common in modern vehicles – the ability to automatically park a vehicle at the press of a button requires a computer to be able to electronically control the steering. These are known as “cyber-physical” systems as there is computer (cyber) control of what was traditionally, a manual, physical process such as steering the vehicle. Therefore, an attacker who finds a way to gain control of an infotainment system can in many cases use that platform to attack more sensitive, safety-critical vehicle functions.
DAB radio is significantly more feature-rich than its predecessor (FM). Although FM could broadcast simple textual messages such as the radio station name via the Radio Data System (RDS), DAB broadcasts can include much more text, with international langue support, images, web pages and even video.
All of this complexity increases the “attack surface” (number of avenues of attack) of a receiver.
Download slides from Andy Davis’ talk at Black Hat USA 2015 here