Tom raised the possibility of satellite failures a couple of days ago; turns out that as usual the worries were too modest. This Black Hat session features Andrea Barisani and Daniele Bianco explaining their project to hack satellite navigation systems via RDS-TMC to make them give the “victim” false information using off-the-shelf components and cheap electronics. Their presentation is beyond my technical ability to follow - a lot of detailed explanations and coding - but the point is clear enough: drivers trust the information they get from their in-car satellite navigation systems including the real-time traffic information RDS sends. Capture an hour of traffic messages, plot on Google Maps…(”Getting laid drives our research,” they say. “Your experience may differ.”)…sniff the RDS packets. Using a commercially available RDS encoder…FM transmitter…TX antenna (which got them a TSA tag for inspection on their way into the US)…AFAICT you find a channel that provides RDS-TMC and obscure it, then fake a broadcast (either exist an exiting channel or find an unused frequency and use that). It’s pretty involved and complicated, but you know the way these things go: it’s hard today and involves a lot of custom stuff, but the next generation just needs to download a software pack and buy a few pieces of electronics.

The overall message from Black Hat is pretty clear: over and over again people build things with little thought to security (in the case of satnav, it probably never occurred to them anyone could hijack it DESPITE Captain Midnight and HBO way back in 1980)…yet we go right on basing massive corporate/government/commerce systems on top of these things. The Web being the most notorious example, of course.

In this case, they can create accidents, weather, traffic jams…

wg