It’s reported that a group of researchers in America have, for the first time, found vulnerabilities in the smartphone-to-car communications system MirrorLink.
The Tech2 section of the Firstpost website says the researchers from New York University Tandon School of Engineering have found today’s vehicles leave the factory with prototype software features that are disabled but can be “unlocked by clever drivers”.
MirrorLink, which was created by the Connected Car Consortium that represents 80% of the world’s automakers, is the leading industry standard for connecting smartphones to in-vehicle infotainment (IVI) systems, but the report says some automakers disable it because they chose a different smartphone-to-IVI standard or because the version of MirrorLink in their vehicles is a prototype that can be activated later, the researchers said in a university statement. Researchers found that MirrorLink is relatively easy to enable and when unlocked can allow hackers to use a linked smartphone to control safety-critical components.
“Tuners — people or companies who customise automobiles — will root around for these kinds of prototypes and if these systems are easy to unlock they will do it,” the site quotes Damon McCoy, an Assistant Professor of Computer Science and Engineering at the NYU Tandon School of Engineering. “And there are publicly available instructions describing how to unlock MirrorLink. Just one of several instructional videos on YouTube has gotten over 60,000 views.”