A group of researchers, for the first time, have found vulnerabilities in MirrorLink — a system that allows vehicles to communicate with smartphones.
According to the researchers from New York University Tandon School of Engineering — which was established after an Indian-American couple gifted $100 million to the New York University School of Engineering — today’s automobiles leave the factory with prototype software features that are disabled but can be unlocked by clever drivers.
MirrorLink, created by the Connected Car Consortium that represents 80 per cent of the world’s automakers, is the first and leading industry standard for connecting smartphones to in-vehicle infotainment (IVI) systems.
Some automakers disable it because they chose a different smartphone-to-IVI standard or because the version of MirrorLink in their vehicles is a prototype that can be activated later, the researchers said in a university statement.
Researchers found that MirrorLink is relatively easy to enable and when unlocked can allow hackers to use a linked smartphone to control safety-critical components.
“Tuners — people or companies who customise automobiles — will root around for these kinds of prototypes and if these systems are easy to unlock they will do it,” said Damon McCoy, an Assistant Professor of Computer Science and Engineering at the NYU Tandon School of Engineering.
“And there are publicly available instructions describing how to unlock MirrorLink. Just one of several instructional videos on YouTube has gotten over 60,000 views,” McCoy added.
Last year, the New York University School of Engineering was gifted $100 million by an Indian-American couple Chandrika and Ranjan Tandon and was renamed the NYU Tandon School of Engineering.
The gift — which is supporting faculty hiring and academic programmes — was intended to build on the engineering school’s existing practice of cross-disciplinary innovation and entrepreneurship and achieve new levels of academic excellence in engineering.
The research was presented at the 10th USENIX Workshop on Offensive Technologies (WOOT ’16) in Austin, Texas held last month.