<<<
NEWS FROM THE LAB - Monday, May 9, 2005
>>>
 

 
In-depth investigation of the "Cabir-in-Cars" myth Posted by Jarno @ 11:06 GMT

Couple of months ago there were rumours floating around that Bluetooth viruses could infect the on-board computers of some Lexus cars, or at least cause some visible effects on them.

In February we published an official statement from Toyota that Lexus does not use Symbian OS, and thus cannot be infected by any of the Cabir variants.

However a mobile worm infecting a car is a thought that one cannot let go easily, and even as we knew that the car cannot be infected, this was something that just had to be tested for real.

So we got a Toyota Prius to test out the myth. Credit has to be given to Toyota for trusting their systems enough to actually lend the car for us for such testing. According to Toyota, this Prius model had identical in-car Bluetooth systems with the Lexus models, so it was suitable for our tests. This Bluetooth functionality is intended to, for example, transfer the phone book from the car owners mobile phone to the built-in phone of the car.

Underground

After getting the car we drove it to a safe testing location: an underground base 42 meters (140 feet) below sea level - for some in-depth testing! Before starting any testing with live viruses we obviously made sure there were no third party phones in the area which otherwise could have been at risk.

In the tests we used the Cabir.B and Cabir.H viruses: Cabir.B being the most widespread variant and responsible for most of the Cabir sightings in-the-wild, and Cabir.H as it has a different and more powerful spreading algorithm.

We did the tests by infecting phones with Cabir variants and operated the car in all available Bluetooth modes. We wanted to simulate a situation where someone just walks past the car with a Cabir-infected phone that has not been paired with the car. Then we recreated a situation where the phone of the owner of the car is infected and he does Bluetooth operations with the car.

Jarno inside the car

It came as no surprise that we could not infect the car, but the Prius performed in the test even better than expected. No matter what we did the car did not react to the Bluetooth traffic at all. Cabir tried to send itself to the car and the car just did not allow the Bluetooth OBEX transfer to happen.

After finishing the tests with infected phones, we tried to transfer a Cabir-infected SIS file to the car with a special file transfer program from the phones. In this test the Prius accepted the file transfer to begin, but then displayed a message stating "Transfer failed". This message is shown for any data transmitted to a car that is not a valid VCARD phone book.

Transfer failed

While we had the car for testing, we also tried all kinds of other publicly known Bluetooth attacks on it. Our goal was to find out if the car would react in any way to known Bluetooth attacks and exploits.

After some tests we got a surprising result: Suddenly all dashboard warning lights came on. The car went totally dead. Even the door locks didn't open anymore. The onboard computer displayed a severe warning: "The transmission lock mechanism is abnormal. Park your car on a flat surface, and fully apply the hand brake". We waited hesistantly a moment, turned ignition off and rebooted the car - and everything was back to normal. Weird.

crash

We repeated the same test - with the same results. We run it for a third time - and once again the system crashed. After that we started to get really worried. This can't be right - Bluetooth can't cause this, can it? Thoughts of massive product recalls started to float in our minds.

So we started from scratch and double checked everything. Going through the standard process of elimination by switching all Bluetooth devices off and waiting for some time, the problem repeated itself. Turns out the cause of the error was low voltage. After intensive tests for all morning, the battery of the car was running low! The car computer was going haywire because of that, and the problem had nothing to do with Bluetooth! But those were quite tense moments indeed - we almost thought that the impossible might have happened.

After fixing the battery problem, we continued tests and Toyota Prius performed admirably. We managed to find one minor issue with the system (a corrupted phone name would freeze the on-board display), but otherwise the Prius Bluetooth system was far more stable than our test phones and PCs. We had to reboot our test systems several times as their Bluetooth systems died on us, while Toyota Prius just kept going.

All in all, that test was definitely one of the more interesting virus tests we've done for quite a while.

Wardriving!