When you specify Bluetooth on the options list, chances are you aren’t asking to give other drivers the option to listen in on your conversation, or to comment on your driving skills via your own stereo speakers. But according to wireless security research group Trifinite, that’s exactly what you could get.
Trifinite researchers have shown that almost no hacking skills are required to patch into the Bluetooth facilities of some common vehicles, using nothing more sophisticated than a Bluetooth-equipped laptop and a directional aerial. With this meagre kit, a hacker in another car can pass himself off as an in-car phone, tapping into the speakers and microphones normally used to provide hands-free facilities.
Apparently the weakness lies in the way that manufacturers set up the Bluetooth gear. In an attempt to baffle as few legitimate users as possible, makers typically specify a very simple passkey - a code that you have to input to securely link up two Bluetooth devices, like a combination lock.
As Trifinite has learned, in many cases this combination lock has effectively been set to 0000, leaving the system wide open.
Not all vehicles use a preset passkey, and it’s worth finding out about passkey settings when considering Bluetooth kit.
Bluetooth welcomes eavesdroppers
10 August 2005