New York Times, 2005-08-14
Miss Manners Wouldn’t Approve: Snoops Bug the High-Tech Car
DON’T be too sure your car is an island of privacy. Under certain circumstances, outsiders can eavesdrop on conversations among you and your passengers if your car has a built-in Bluetooth telephone link.
Bluetooth provides a low-power wireless connection between your cellphone and your car – it permits hands-free conversations through a speaker and microphone built into the vehicle, or with a headset – and it may be vulnerable to amateur eavesdroppers. At a recent computer security convention in the Netherlands, a group of European wireless-security experts called the Trifinite Group demonstrated a system that lets a laptop user listen to conversations in passing cars with Bluetooth setups.
The system, which Trifinite calls the Car Whisperer, also lets the user talk to people in these cars. While that could be used to deliver compliments to a fellow motorist (“Nice ride!”), it would also be possible to insult the driver or make a lewd proposition.
Using a laptop computer with a Bluetooth transmitter and a software program (available at www.trifinite.org) that runs under the Linux operating system, the Car Whisperer has a range of 300 feet, some 10 times that of Bluetooth hands-free systems. The range can be extended to nearly a mile by adding a directional antenna.
The system was developed not to create mischief but to head it off, said Martin Herfurt of Salzburg, Austria, a co-founder of Trifinite and inventor of the Car Whisperer, by showing manufacturers how vulnerable some of their products are. “Unless you can demonstrate the problem,” Mr. Herfurt said in an e-mail message, “they may not recognize that it exists.”
The security loophole exists only in setups that do not follow the recommendation of the industry consortium that sets Bluetooth standards. Bluetooth devices can talk to one another only if they share a secret passcode.
While this code can be up to 128 bits long, the equivalent of a 16-character string of letters and numbers, most are shorter. The Bluetooth consortium recommends eight-character passwords, allowing nearly three trillion potential codes. A computer could try them all, but by that time a moving car would be far out of range.
Many manufacturers’ codes are just four digits long and consist solely of numerals. Such passcodes have only 10,000 potential values and can be cracked relatively quickly. Worse, some manufacturers use a single passcode, like 1234 or 0000, over and over.
If you are shopping for a hands-free Bluetooth speakerphone system, or a car equipped with one, you should look for one with a confirmation button that must be pressed to initiate a phone connection, Mr. Herfurt said, adding, “A button press cannot be performed by an external attacker.”
Mr. Herfurt added that you should change your car’s passcode from the factory default, if the system permits, and that you should keep the phone turned on and linked to Bluetooth. “The system can only communicate with one device at a time,” he said.
A system that communicates with other cars could be used to pass useful traffic data to drivers behind you. When traffic slows, for instance, cars might automatically tell the vehicles behind them, giving drivers a chance to exit or slow down to avoid a crash.
This is not the first time privacy issues have arisen in cars with high-tech connections. It is possible to eavesdrop on people in a car that has a telematics service with a phone connection, like General Motors’ OnStar (which is also offered on some non-G.M. models) or Mercedes-Benz’s Tele Aid.
But listening in through such systems requires the cooperation of the companies providing the service, and they will not cooperate unless they receive a court order. Such orders have been issued at least once, in a 2001 F.B.I. investigation in Las Vegas, but were overturned by the United States Court of Appeals for the Ninth Circuit.
What are Bluetooth’s other vulnerabilities? Despite reports circulating a few months ago, it is not true that a Lexus picked up a virus through a wireless link. Though cellphones can catch viruses, they are rarely linked to a car’s vital computers. But the concern behind such rumors is logical: any electronic device connected to the outside world is potentially vulnerable.