Security Review: Lexus “Talking” GPS

By millsea0 at 8:53 pm on January 27, 2009 | 3 Comments

With the increasing role that technology is playing in our lives, it was inevitable that we’d reach the point where we too could enjoy the luxury of a talking car, such as the infamous KITT from Knight Rider. The convenience of having a talking GPS unit that can suggest places to go is a bit of a luxury, but also a step into another form of auditory spam they mention in the USA today article .

Lexus is currently adding this feature to new automobiles that in addition to allowing the company to send messages to the driver, will also be able to suggest places that the driver might want to travel. As if drivers today did not already have enough distractions with cell phones and other technology that is able to interface with your car, this unit seem to be leaning towards more of a frivolous luxury than something of use.

If not endowed with the proper security, the device would seem to be the prime target of an attack. Simply transmit new directions or send a new audio file for it to play and you not only have an easy way to send a driver to the middle of nowhere, but to also provide a loud distraction that can send a driver into a panic during rush hour. Other automakers need to decide if we really need further distractions in our cars before rolling out the new technology.
Assets and security goals

  • Asset: Customer’s happiness, if one consumer likes a product, they will recommend it to friends and Lexus makes more money.
  • Security goal: Ensuring that no one can hijack the system for personal gain or send messages that are not meant for their client base.

Adversaries, threats

  • Companies: Certain illegitimate companies can send their own messages to the system providing a kind of audible junk mail.
  • Hackers: What better way to have a good laugh than to send a person out into the middle of nowhere with a false set of directions?

Weaknesses

  • Weak Authentication: Depending on the different types of security available, attackers might be able to bypass the authentication to gain access to the unit.
  • The Driver: Most people when using a GPS unit blindly follow the directions that it is giving out which when incorrect can lead to them driving precisely where they don’t want to go.
  • Security on Device: Once an attacker has gained access to the device, what sensitive information is stored on it and what measures are there against an attacker taking it.
  • Insiders: Anyone with access to message control can send whatever content they want to the device.

Defenses

  • White listing: Only content sent from trusted sources can be used to cause the device to suggest ideas to the client or broadcast that the client has new messages that are waiting to be listened to.
  • Encryption: Messages sent to and from the device must all be encrypted to provide a safe means of communication with the GPS/automaker/trusted clients and the GPS unit itself.
  • Manual for the Unit: Although commonly tossed into the glove compartment, this can provide keen insights towards using the device most effectively.
  • Admin Access: By only allowing certain people to change/program what messages can be sent to the device, it lowers the risk of a wayward employee being able to send out messages that are spam.

Conclusions

The problems that might arise from a spoofed signal are mostly social engineering attacks, where the attacker can lead the person to an incorrect location, spam the person with unwanted messages and perform a kind of denial of service. In the worst case scenario, this happens while the driver needs to focus or leads them into an undesired area. There are papers describing these vulnerabilities of GPS systems and countermeasures are in place to prevent most of the common attacks.

It seems that with the provided defenses, attackers will have quite a challenge in sending faulty data to a GPS, but the security of the automobile maker speech program may be more vulnerable since the system is a fairly new idea to cars. As long as Lexus and other factories go the extra mile for security to protect their clients while driving, there will be no need to worry about the possibility of an attack on this device.

Filed under: Security Reviews3 Comments »

3 Comments

  • 1
    Get your own gravatar for comments by visiting gravatar.com

    Comment by qwerty

    January 28, 2009 @ 9:27 pm

    I’m sure that most of these GPS manufactures have the option to turn off the talking voice. I don’t think that is much of a security concern, as long as you can disable the annoyance/unwanted messages. The fact remains that someone could engineer the device to steer you in the wrong direction, although I’m not sure how many people actually would listen to this “suggester” – maybe only in cases in which they wanted to go for a joy drive or someplace random – in which case there isn’t too much you could do besides maybe driving them off an abrupt cliff/edge.

    With GPS technology, I think there are far more important security issues. One that concerns me is the fact the the device knows where you are, where you are going, and where you have been. It can store all this, and, if compromised it could be secretly stored, and directly or indirectly transmitted elsewhere. I think this comes up with GPS enabled phones too. If someone wants to know where you’ve been it wouldn’t be too hard to find out if you kept your GPS on while traveling. Say your husband/wife has always gone out at 3:00 PM to do ‘laundry’ every day. Turn on their GPS logger and find out where exactly this laundromat is, as well as how long they were there etc. Information is valuable to many, and in the wrong hands is not where it should be. I’ve always wondered just how much the government is able to watch us. Can they remotely enable the GPS on our phones to track us whenever they want? We already know triangulation is possible, but just how much from my phone can they see? As phones get smarter and smarter we start to store more and more sensitive data on them, opening all this data up to who knows who…

  • 2
    Get your own gravatar for comments by visiting gravatar.com

    Comment by sojc701

    January 30, 2009 @ 2:41 am

    The iPhone can offer users the approximate position where they are using cell towers without even GPS.
    Since the cell phone communicates with cell towers, not only users could find their location, but also the wireless provider knows where they are.
    The advantage GPS over cell phone is that GPS knows where I am but nobody knows where I am because GPS uses the broadcasting signal from satellites. However, if GPS had the functionality transmitting information, it could expose not only current location but also previous locations where we have been to others we don’t know.
    I could image that if there were a person who wants to steal something in my house, and he knows where I am, my GPS would be a great and useful alarm for him.
    I hope that GPS remains a closed box like right now.

  • 3
    Get your own gravatar for comments by visiting gravatar.com

    Comment by oterod

    January 30, 2009 @ 8:23 am

    I realize that this is an issue tangential to the point you’re trying to make, but it seems to me that the greatest concern here is absurd invasion of privacy. I don’t know the specifics of implementation, but the last thing anybody needs is one more channel for advertisement and product placement. I don’t want my navigation system telling me to get off at the next exit to get a juicy steak at the Outback, nor do I want it to remind me that, with winter on its way, I should stop by REI for an up-to-date set of rain gear. It’s the worst of both worlds from my point of view: as pervasive as radio and TV ads, but also targeted to your specific circumstances at some level.

    Of course, there are security concerns even within the realm of privacy, though poor security in that regard may cap out at “frustrating” rather than “bank-emptying.” I hope to god that other automakers do not follow this lead.

RSS feed for comments on this post