NEWS FROM THE LAB - Monday, August 1, 2005

The Car Whisperer project Posted by Mikko @ 06:47 GMT

The Trifinite group has come up with a new and interesting development again. They've just released an auditing tool called "The Car Whisperer".

Equipped with this software running on a Linux laptop and a suitable Bluetooth antenna, it is possible to connect to cars that have an unsecure Bluetooth hands-free unit. After this, it is possible to eavesdrop on the discussion inside the car, or use the hands-free unit to talk to whoever is in the car.

Car whisperer in action. Image (c) Trifinite 2005

This attack is made possible by the fact that many car manufacturers use a constant Bluetooth passkey such as "0000" or "1234". Which is a bad idea.