An exploit targeting the increasingly common satellite navigation devices used in motor vehicles was demonstrated at the CanSecWest security conference held in Vancouver last week.

Italian hackers Daniele Bianco and Andrea Barisani demonstrated an attack that allowed them to broadcast their own data in placed of that typically used by sat-nav units to avoid traffic jams and plot the best route to a location.

Most sat-nav devices combine a GPS receiver, a store of mapping data on an SD card and a receiver for the RDS (Radio Data System) signals used to broadcast traffic information overlaid on broadcast FM radio’s audio channels.

It is this feature that hackers Bianco and Barisani attacked.

Data on the traffic message channel (RDS-TMC) is encrypted but Bianco and Barisani demonstrated that the encryption could be defeated by analysing a small sample of the target broadcast.

That done, it was simply a matter of transmitting the spoof signal, which they achieved using an RDS encoder unit, available for $40 in all good electronics stores, and a simple FM transceiver.

Arbitrary information could then be introduced to as many sat-nav users as could be reached with sufficient Tx power to be heard above the real broadcast.

The possibilities then become endless as most sat-nav units use RDS input in their routing logic.

This is what happens when sat-nav goes wrong.