April 20, 2007 3:20 PM PDT

Don't let your navigation system fool you

VANCOUVER, B.C.--That roadblock alert on your navigation system may not be real. Neither may that warning for a "terrorist incident," an "air raid" or a "bullfight."

Two Italian hackers have figured out how to send fake traffic information to navigation systems that use a data feature of FM radio for real-time traffic information. Using cheap, off-the-shelf hardware, they can broadcast traffic data that will be picked up by cars in about a one-mile radius, the hackers said during a presentation at the CanSecWest event here.

"We can create queues, bad weather, full car parks, overcrowded service areas, accidents, roadwork and so on," Andrea Barisani, chief security engineer at Inverse Path, a security company. "Traffic information displayed on satellite navigation systems is trusted by drivers. Normal people do not think that you can do nasty things."

Barisani and hardware hacker Daniele Bianco discovered that the system used by many navigation aides to get traffic data isn't secured. The data is sent using the Traffic Message Channel (TMC) of the Radio Data System (RDS), a standard way of transmitting data over FM radio also used to display station names and program titles.

With TMC, each traffic incident is sent as a TMC message that consists of an event code, location code and time details. The system is used throughout Western Europe, the U.S. and Australia.

The hackers wrote a program to decode the RDS data. "As far as we know it is the first open-source tool that tries to fully decode RDS information," Barisani said. They then figured out how to create their own TMC messages and broadcast those using an RDS encoder, an FM transmitter, an antenna and some other tools.

Barisani and Bianco found that navigation systems display different alerts based on codes sent via RDS. "The event table supports a number of security-related messages; we doubt anyone has used them so far," Barisani said. Those alerts include air raid, bomb alert, air crash and terrorist incident.

"Oh my God, World War III is happening on my way home," Barisani said after displaying a video in which the navigation system in his 2006 Honda Civic warned him of mayhem while he was on the way to Trieste, Italy.

The pair tested their work on a 2006 Honda Civic sold in Europe, but Barisani said navigation systems sold in Europe and around the world use the same method to get traffic data. A receiver inside the navigation system continuously scans radio frequencies for the information, he said.

TMC is also supported over digital and satellite radio, but it is harder for a hacker to send out data using those technologies compared with FM, Barisani said.

A new technology called TPEG, or transport protocol experts group, is ready to replace TMC, however that also doesn't support encryption for additional security, Barisani said. A more secure way of transmitting the data is provided in the U.S. by Microsoft, which operates DirectBand, a wireless datacast network that uses FM radio, Barisani said.

"We want to increase awareness about this," he said. "This is not the end of the world, but it is a nasty thing."

See more CNET content tagged:
Honda Civic, FM-radio, hacker, radio, Honda

4 comments

Join the conversation!
Add your comment
Worthless excuse for a human
What will these lowlifes think of next? Perhaps a device which can disable fire trucks and ambulances whenever they turn on their sirens? Wow, wouldn't that be funny, huh? Making a device just to screw with people and cause them inconvenience is disgusting. I think an appropriate punishment for these scumbags is to put their private-parts in a blender and puree. I definitely don't want them procreating.
Posted by kmsilver (9 comments )
Reply Link Flag
Re: Worthless excuse
kmsilver:

Researchers aren't lowlifes. Would you prefer that bad guys
discover this, keep it to themsleves, and use it against you? If
there's a vulnerability out there. I want to know about it. I also
want to be able to pressure those that can do something about it
to fix the problem.

There's an ongoing debate on how to handle vulnerabilities in
software and technology, but sticking our heads in the sand isn't
the answer. Let's let people look for vulnerabilities and report
them, so we can do something about those vulnerabilities.
Calling them names without thinking isn't helpful. If you have a
solid argument, then I'd like to hear them. But personal attacks
and name-calling don't help.
Posted by fgearhart (1 comment )
Link Flag
Wow, you are short-sighted.
If that was their intent, they'd be selling it transmitter devices on the black market, not showing people what they discovered.

It's not healthy for someone to think the thoughts you're thinking, let alone share them with others. Your suggestions are the ones that are disgusting. They made a car tell you there was an accident where there wasn't one. You're suggesting painful mutilation. I think you're the one that needs help.

You don't build a deadbolt and assume it works. You install it, kick it, pick it, and so on.

What these guys have shown is that the developers of these protocols didn't do due diligence and left a huge giant back door wide open.

Ironic that Microsoft gets the nod this time for being the more secure system. (Of course, that's relative, right?)
Posted by TV James (680 comments )
Link Flag
More Fool You!
If You only believe what appears on the screen Orwell was Right! but joking aside This is a very BAD flaw in the system as not only can a hacker attack it but a very simple error can give a totally erroneous message, but not be seen on the transmission screen..
(Also the hack works)
Posted by Video Edit (4 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.