The Risks of Bluetooth in Cars
FRISK Software's Technical Spokesman, Michael St. Neitzel, recently discovered several security flaws endemic in the bluetooth implementation of several automobile models on sale in Iceland.
These flaws in the wireless bluetooth connectivity of these car models made it possible for Michael to demonstrate to Icelandic journalists on the Wednesday 21. February 2007, how he could use his mobile phone to tap into the "hands-free" microphone setup in several cars as well as accessing some models' GPS locator system.
As Michael St. Neitzel is quoted on the front page of "Blašiš", one of Iceland's highest circulation newspapers:
"If you know what to do, you can listen in on any conversation taking place in a car with a vulnerable bluetooth system."
He goes on to say:
"This is extremely careless of vendors."
The problem is that you only need a password to connect to these bluetooth systems, Most drivers do not change the default password which can in many cases be looked up on the vendor's web site.
"Blašiš" has more detailed coverage of this story both on its front page and on page four of its edition published on the 22nd of February 2007 (accessible on their web site as a pdf, in Icelandic). This includes several quotes and a large photo of Michael St. Neitzel.