Sunday, May 16, 2021

Addressing A Potential Issue: Beyond The Ad

    Look.. We all hate ads. I can count on one hand the number of times I've voluntarily re-watched an ad that I just saw (3). I even have a little device (Pi-hole) in my house to keep most ads out of my network. But the ads aren't the problem in Ford's most recent venture. Although, I have to ask.. Why, Ford? We have enough of this marketing media force-fed to our steadily liquefying brains as it is.

The Problem: Security and Safety

    If you didn't care to click on the embedded link, I'll give you a tl;dr. Ford has patented an infotainment system for their vehicles that is designed to interact with billboards, to bring the advertisement closer to you and give you more information about the product/company. Not only is this annoying, but I think it's easy to see where this could be dangerous. Say you're navigating several lanes of busy traffic and you see a popup on your dash to let you know that Nacho Fries are back. You merge into another vehicle because you were distracted. Now this gets even more complicated: could you, having been distracted by this popup you didn't ask for, really be at fault for the accident? Could this lead to lawsuits? What if you're headed to an important business meeting, relying on GPS for navigation in a town you've never been to, when the popup re-arranges your screen, causing you to miss your exit? There are tons of 'what if' situations that come to mind with this technology and the distractions it could bring. But the problems don't stop there.

Theoretically Compromised

    Here's where it gets worse. Much worse... Say we can figure out how to deface and manipulate the billboard in such a way that your infotainment system opens something other than what was intended. Drivers could be shown graphic content, or shady competitors could force their ads onto our screens. Depending on how the content is retrieved, malicious files could be downloaded to your device or you could be sent to a malicious site. But wait... There's more. You might be thinking the biggest issue here is that you have to pay Darkside 3-5 Bitcoin to unlock the infotainment system, or you have to get it replaced because it only plays "Never Gonna Give You Up". That's probably the least of your worries.


    Beyond manipulating the image, there are other vectors for attack. There are communication modules referenced by the patent, which "couples to and receives the billboard interface". There are GPS modules in this design as well for multiple purposes. There are obviously databases where information and interfaces will be stored for retrieval. Let your imagination run wild here.

    Most, if not all, electronic components on modern vehicles are connected to the CAN (Controller Area Network) bus. For the technical folks, this thing operates like a hub. For everyone else, everything talks to everything else. Everything can access anything and everything. If someone were to get into your head unit, they're now sitting pretty to listen in on the rest of your vehicle's CAN. They could listen in and record the data that goes through when you apply your brakes, accelerate, and steer. This could then be manipulated and replayed by an attacker, causing you to brake 60-0 in front of a semi they made you cut off, or take a hard left going over a bridge.
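Why a recorded frame replays cleanly on a plain CAN bus, and how a per-frame counter plus a truncated MAC lets the receiver reject it. This is an added example in simulation, not code from the original post or from Ford's patent; the arbitration ID, payload bytes, key and tag layout are all constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # assumption: secret shared by sender and receiver
BRAKE_ID = 0x123               # constructed arbitration ID, not from any real vehicle

def plain_frame(can_id, data):
    """Classic CAN frame: an ID and up to 8 data bytes, no sender or freshness field."""
    return (can_id, bytes(data))

def _tag(can_id, counter, data):
    msg = struct.pack(">IH", can_id, counter) + data
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:4]

def auth_frame(can_id, data, counter):
    """2 data bytes + 2-byte counter + 4-byte truncated HMAC fills the 8-byte payload."""
    data = bytes(data)
    return (can_id, data + struct.pack(">H", counter) + _tag(can_id, counter, data))

class PlainReceiver:
    def accept(self, frame):
        return frame[0] == BRAKE_ID  # the ID is the only thing there is to check

class AuthReceiver:
    def __init__(self):
        self.last_counter = -1  # counter wrap-around is ignored in this sketch

    def accept(self, frame):
        can_id, payload = frame
        if can_id != BRAKE_ID or len(payload) != 8:
            return False
        data, counter, tag = payload[:2], struct.unpack(">H", payload[2:4])[0], payload[4:]
        if not hmac.compare_digest(tag, _tag(can_id, counter, data)):
            return False  # forged or corrupted frame
        if counter <= self.last_counter:
            return False  # valid tag but stale counter: a replay
        self.last_counter = counter
        return True

def demo():
    plain, auth = PlainReceiver(), AuthReceiver()
    recorded_plain = plain_frame(BRAKE_ID, [0xFF, 0x00])  # constructed "brake" frame
    recorded_auth = auth_frame(BRAKE_ID, [0xFF, 0x00], counter=1)
    return {
        "plain_first": plain.accept(recorded_plain),
        "plain_replay": plain.accept(recorded_plain),  # accepted again, unchanged
        "auth_first": auth.accept(recorded_auth),
        "auth_replay": auth.accept(recorded_auth),     # rejected: counter not fresh
        "auth_next": auth.accept(auth_frame(BRAKE_ID, [0x10, 0x00], counter=2)),
    }
```

The plain receiver cannot tell the second copy of the frame from the first, while the authenticating receiver drops it and still accepts the sender's next genuine frame.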

Make Your Own Decision

    I'm not going to say any of this stuff would be exactly easy to do. In fact, a large-scale implementation would probably be quite difficult to attack, as they will probably have security considerations designed with the product (I hope..). But do your own research, see how you feel about this for yourself. I'm not here to tell you how to feel; these are just my thoughts. I'll be honest, I haven't even read the full patent yet (although I am making my way through it). Take a look at this plain white bread, toasted... dry: Ford Patent.




