Hacking Traffic Message Channel

Quicksearch

Disclaimer

The individual owning this blog works for Oracle in Germany. The opinions expressed here are his own, are not necessarily reviewed in advance by anyone but the individual author, and neither Oracle nor any other party necessarily agrees with them.

Navigation

< links for 2008-01-02 | Auf dem Oberdeck >

Hacking Traffic Message Channel

Wednesday, January 2. 2008

One of the nice thing of modern on-board navigation is the availability of traffic information via FM radio (it´s encoded in the RDS). Joern of Ende-der-Vernunft linked to a interesting presentation held on a security conference: Unusual Car Navigation Tricks: Injecting RDS-TMC Traffic Information Signals.

It would be interesting to know, if TMCpro is vulnerable as well. TMCpro is a paying-subscriber service (you pay the subscription with you TMCpro enabled receiver). To close the user group it´s nescessary to encrypt the TMC. This may close the vulnerability of the public TMC, as long the the receiver don´t switch to the public service in case the pro signal isn´t available.

Posted by Joerg Moellenkamp in English, Security at 12:57 | Comment (1) | Trackbacks (0)

Defined tags for this entry: navigation

, security

, tmc

, tmcpro

Related entries by tags:

View as PDF: This entry | This month | Full blog

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

I think TMCpro will be vulnerable in a short time, too. Only the location of the event ist scrambled, the rest of the message is unscrambled (according to the presentation Joern linked).

But even if the encryption can't be cracked so easily, you can at least use the vulnerability to overflow TMCpro with unuseable messages changing the unscrambled part and repeating it permanently. TMCpro is only available via a few private radio stations, so you don't have so many frequencies to overflow with your data. Maybe you are not able to send your victim on a 200km detour, but you are able to let the navigation device ignore a 10km traffic jam.

But, at least, I don't see a realistic scenario for using that attack, because those devices are not used permanently for each and every route that is travelled. I don't think you will be able to kill the rush hour in hamburg by sending a few route-closed signals an hour before leaving the office. And in a few years, when we all will use these systems permanently, TMC will not be fast enough to transmit all the traffic jams that are around.

#1 Jan (Homepage) on 2008-01-02 20:06 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above: Standard emoticons like :-) and ;-) are converted to images. Enclosing asterisks marks text as bold (word), underscore are made via _word_.
	Remember Information? Subscribe to this entry