{"id":520,"date":"2009-01-27T20:53:39","date_gmt":"2009-01-28T04:53:39","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=520"},"modified":"2009-01-27T20:57:51","modified_gmt":"2009-01-28T04:57:51","slug":"security-review-lexus-talking-gps","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/01\/27\/security-review-lexus-talking-gps\/","title":{"rendered":"Security Review: Lexus &#8220;Talking&#8221; GPS"},"content":{"rendered":"<p>With the increasing role that technology is playing in our lives, it was inevitable that we&#8217;d reach the point where we too could enjoy the luxury of a talking car, such as the famous KITT from Knight Rider.  The convenience of having a talking GPS unit that can suggest places to go is a bit of a luxury, but it is also a step toward another form of auditory spam, as the USA Today <a href=\"http:\/\/www.usatoday.com\/money\/autos\/2009-01-07-lexus-talking-car_N.htm\">article<\/a> notes.<\/p>\n<p>Lexus is currently adding this feature to new automobiles.  In addition to letting the company send messages to the driver, the unit will be able to suggest places that the driver might want to travel.  Drivers today already have enough distractions from cell phones and other technology that interfaces with the car, and this unit seems to lean more toward a frivolous luxury than something of real use.<\/p>\n<p>Without proper security, the device is a prime target for attack.  An attacker who can transmit new directions or push a new audio file for the unit to play has an easy way not only to send a driver to the middle of nowhere, but also to produce a loud distraction that can send a driver into a panic during rush hour.  
Other automakers should decide whether we really need further distractions in our cars before rolling out this technology.<!--more--><br \/>\n<a name=\"more-450\"><\/a><strong>Assets and security goals<\/strong><\/p>\n<ul>\n<li>Asset: Customer trust and satisfaction. A consumer who likes the product recommends it to friends and Lexus makes more money; a unit that misleads or spams its driver has the opposite effect.<\/li>\n<li>Security goal: Ensure that no one can hijack the system for personal gain or deliver messages to the client base that Lexus did not intend to send.<\/li>\n<\/ul>\n<p><strong>Adversaries, threats<\/strong><\/p>\n<ul>\n<li>Companies: Illegitimate companies could inject their own messages into the system, producing a kind of audible junk mail.<\/li>\n<li>Hackers: What better way to have a good laugh than to send a person into the middle of nowhere with a false set of directions?<\/li>\n<\/ul>\n<p><strong>Weaknesses<\/strong><\/p>\n<ul>\n<li>Weak authentication: If the unit does not verify who sent a message, or verifies it with a weak mechanism, an attacker can bypass authentication and push content to the unit.<\/li>\n<li>The driver: Most people follow a GPS unit&#8217;s directions blindly, so incorrect directions lead them precisely where they don&#8217;t want to go.<\/li>\n<li>Security on the device: Once an attacker has gained access to the device, what sensitive information (for example, location history or account details) is stored on it, and what measures prevent the attacker from taking it?<\/li>\n<li>Insiders: Anyone with access to message control can send whatever content they want to the device.<\/li>\n<\/ul>\n<p><strong>Defenses<\/strong><\/p>\n<ul>\n<li>Whitelisting: Only content from trusted sources may cause the device to suggest ideas to the client or announce that new messages are waiting to be listened to.  For the whitelist to mean anything, the unit must verify the sender cryptographically (a signature or message authentication code under a key the sender holds), since a sender name carried inside the message itself can be forged.<\/li>\n<li>Encryption: Messages sent to and from the device must all be encrypted to provide a safe means of communication between the 
GPS\/automaker\/trusted clients and the GPS unit itself.  Note that encryption alone provides confidentiality, not origin authentication: a message that decrypts correctly still has to be authenticated, and messages need a counter or timestamp so that a captured legitimate message cannot simply be replayed.<\/li>\n<li>Manual for the unit: Although commonly tossed into the glove compartment, the manual can tell drivers what the unit will and will not say on its own, which helps them treat an unexpected message as suspicious rather than obeying it.<\/li>\n<li>Admin access: Allowing only certain people to change or program the messages that can be sent to the device lowers the risk of a wayward employee sending out spam.<\/li>\n<\/ul>\n<p><strong>Conclusions<\/strong><\/p>\n<p>The problems that might arise from a spoofed signal mostly exploit the driver&#8217;s trust in the device: the attacker can lead the person to an incorrect location, spam the person with unwanted messages, or perform a kind of denial of service.  In the worst case, this happens while the driver needs to focus, or leads them into an undesired area.  There is published <a href=\"http:\/\/www.homelandsecurity.org\/bulletin\/Dual%20Benefit\/warner_gps_spoofing.html\">work<\/a> describing these vulnerabilities of GPS systems, and countermeasures are in place to prevent most of the common attacks.<\/p>\n<p>With the defenses above, attackers would have quite a challenge sending faulty data to the GPS receiver itself, but the automaker&#8217;s speech messaging program may be more vulnerable, since the system is a fairly new idea in cars and its message path is a separate channel from GPS.  As long as Lexus and other automakers go the extra mile on security to protect their clients while driving, the risk of an attack on this device can be kept low.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With the increasing role that technology is playing in our lives, it was inevitable that we&#8217;d reach the point where we too could enjoy the luxury of a talking car, such as the famous KITT from Knight Rider. 
The convenience &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/01\/27\/security-review-lexus-talking-gps\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":111,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-520","post","type-post","status-publish","format-standard","hentry","category-security-reviews"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/520","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/111"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=520"}],"version-history":[{"count":7,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/520\/revisions"}],"predecessor-version":[{"id":527,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/520\/revisions\/527"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=520"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=520"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=520"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
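The whitelisting and encryption defenses in the review above only hold up if the head unit can verify who sent each message and refuse replays. The following is an added example, not code from the original post or from Lexus, showing the minimal checks a head unit could apply before speaking a received message: each whitelisted sender (a hypothetical list, with constructed keys) shares a secret with the unit, every message carries a sender id, a per-sender counter and an HMAC-SHA256 tag, and the unit rejects unknown senders, bad tags, tampered payloads and replayed messages. The message format, sender names, keys and payload strings are all assumptions made for illustration.

```python
import hmac
import hashlib
import json

# Hypothetical whitelist of trusted senders and their shared secrets.
# In a real deployment the keys would be provisioned into the head unit
# at manufacture; these constants are constructed for the example only.
TRUSTED_SENDERS = {
    "lexus-ops": b"example-key-lexus-ops-0001",
    "dealer-42": b"example-key-dealer-42-0001",
}


class HeadUnit:
    """Accepts spoken-message payloads only from whitelisted senders,
    only with a valid HMAC-SHA256 tag, and only with a strictly
    increasing per-sender counter (so a captured message cannot be replayed)."""

    def __init__(self, trusted):
        self._keys = dict(trusted)
        self._last_counter = {sender: -1 for sender in trusted}
        self.accepted = []  # payloads that passed every check

    @staticmethod
    def _tag(key, sender, counter, payload):
        # Bind the sender id and counter into the MAC so neither can be
        # swapped onto another payload without invalidating the tag.
        data = b"|".join([sender.encode(), str(counter).encode(), payload.encode()])
        return hmac.new(key, data, hashlib.sha256).hexdigest()

    def receive(self, wire_message):
        """Return ('accepted', payload) or ('rejected', reason)."""
        try:
            msg = json.loads(wire_message)
            sender, counter = msg["sender"], int(msg["counter"])
            payload, tag = msg["payload"], msg["tag"]
        except (ValueError, KeyError, TypeError):
            return ("rejected", "malformed")
        key = self._keys.get(sender)
        if key is None:
            return ("rejected", "unknown sender")   # whitelist check
        expected = self._tag(key, sender, counter, payload)
        if not hmac.compare_digest(expected, tag):
            return ("rejected", "bad tag")          # spoofed or tampered
        if counter <= self._last_counter[sender]:
            return ("rejected", "replay")           # already-seen counter
        self._last_counter[sender] = counter
        self.accepted.append(payload)
        return ("accepted", payload)


def make_message(sender, key, counter, payload):
    """What a legitimate sender would transmit (helper for the example)."""
    tag = HeadUnit._tag(key, sender, counter, payload)
    return json.dumps({"sender": sender, "counter": counter, "payload": payload, "tag": tag})


def demo():
    """Run five constructed messages through the unit; returns (results, accepted)."""
    unit = HeadUnit(TRUSTED_SENDERS)
    results = []
    # 1. Legitimate message from a whitelisted sender: accepted.
    good = make_message("lexus-ops", TRUSTED_SENDERS["lexus-ops"], 1,
                        "New message waiting from Lexus service.")
    results.append(unit.receive(good))
    # 2. The same message captured and replayed: rejected (counter not increasing).
    results.append(unit.receive(good))
    # 3. Attacker claims to be a whitelisted sender but has no key: bad tag.
    forged = json.dumps({"sender": "lexus-ops", "counter": 2,
                         "payload": "Turn left onto the unpaved road.", "tag": "00" * 32})
    results.append(unit.receive(forged))
    # 4. Sender not on the whitelist at all, even with a well-formed tag.
    junk = make_message("spam-co", b"attacker-key", 1, "Visit BurgerBarn now!")
    results.append(unit.receive(junk))
    # 5. Payload altered in transit under an otherwise valid envelope: bad tag.
    msg = json.loads(make_message("dealer-42", TRUSTED_SENDERS["dealer-42"], 1, "Your service is due."))
    msg["payload"] = "Drive to 123 Nowhere Rd."
    results.append(unit.receive(json.dumps(msg)))
    return results, unit.accepted


if __name__ == "__main__":
    for outcome in demo()[0]:
        print(outcome)
```

The order of the checks matters: the tag is verified before the counter is consulted, so a forged message with a high counter cannot advance the sender's counter and lock out the real sender. A shared-secret MAC is the simplest fit for a unit that talks only to its manufacturer; if many independent parties (dealers, partners) must be able to send messages, per-sender public-key signatures avoid putting every party's secret inside every car.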