Mobile Technology – If you happen to hear a disembodied computer voice telling you to drive carefully next time you’re behind the wheel, you’ve probably met the Car Whisperer.
Car Whisperer is software that can trick the Bluetooth systems installed in some cars into connecting with a Linux computer. It was developedby Trifinite.group, a nonprofit organization of European wireless security experts, as a way of illustrating the security shortcomings of some Bluetooth systems, says Martin Herfurt, one of Trifinite’s founders.
Car Whisperer takes advantage of the fact that many Bluetooth systems require only a four-digit security key—often a number such as 1234 or 0000—in order to grant system access to mobile devices such as atelephone. Using Car Whisperer and a directional antenna that allowed him to extend the range of his Bluetooth connections to about a mile, Herfurt was able to use his Linux laptop to listen in on two out of five cars he was able to connect to.
“If I had been following the car, I would have been able to eavesdrop for a longer time,” he says.
Herfurt says a hacker couldn’t do something really serious such as disable airbags or brakes. But Trifinite is studying whether an attacker could do anything more than listen or talk to a driver (access a telephone address book, for instance).
The best solution may be to simply teach these systems some manners. Herfurt says that if the system simply asked for the driver’s permission before connecting with anything, the Car Whisperer would do a lot less whispering.