Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation

Presented at DEF CON 15 (2007), Aug. 4, 2007, 11:30 a.m. (80 minutes).

RDS-TMC is a standard based on RDS (Radio Data System) for communicating over FM radio Traffic Information for Satellite Navigation Systems. All modern in-car Satellite Navigation systems sold in Europe use RDS-TMC to receive broadcasts containing up to date information about traffic conditions such as queues and accidents and provide detours in case they affect the plotted course.The system is increasingly being used around Europe and North America. The audience will be introduced to RDS/RDS-TMC concepts and protocols and we'll show how to decode/encode such messages using a standard PC and cheap home-made electronics, with the intent of injecting information in the broadcast RDS-TM stream manipulating the information displayed by the satellite navigator. We'll discover the obscure (but scary!) messages that can be broadcast (and that are not usually seen over legitimate RDS-TMC traffic), the limits of standard SatNav systems when flooded with unusual messages and the role that RDS-TMC injection / jamming can play in social engineering attempts (hitmen in the audience will love this!). In order to maximize the presentation we'll also demo the injection...hopefully at low power so that we won't piss off local radio broadcasts.


Presenters:

  • Andrea Barisani
    Andrea Barisani is a system administrator and security consultant. His professional career began 8 years ago but all really started when a Commodore-64 first arrived in his home when he was 10. Now, 16 years later, Andrea is having fun with large-scale IDS/Firewalls deployment and administration, forensic analysis, vulnerability assessment, penetration testing, security training and his Open Source projects. He eventually found that system and security administration are the only effective way to express his need for paranoia. He's currently involved with the Gentoo project managing infrastructure server security being a member of the Gentoo Security and Infrastructure Teams along with distribution development. Being an active member of the international Open Source and security community he's maintainer/author of the tenshi, ftester and openssh-lpk projects and he's been involved in the Open Source Security Testing Methodology Manual, becoming a ISECOM Core Team member. Outside the community he has been a security consultant for Italian firms and he's now the co-founder and Chief Security Engineer of Inverse Path Ltd.
  • Daniele Bianco
    Daniele Bianco is a system administrator and IT consultant. He began his professional career as a system administrator during his early years at university. His interest for centralized management and software integration in Open Source environments has focused his work on design and development of suitable R&D infrastructure. For the time being Daniele is working as a consultant for Italian astrophysics research institutes, involving support for the design, development and the administration of IT infrastructure. One of his hobbies has always been playing with hardware and recently he has been pointing his attention on in-car wireless and navigation systems. He's the resident Hardware Hacker for international consultancy Inverse Path Ltd. Daniele holds a Bachelor's degree in physics from University of Trieste.

Links:

Similar Presentations: