A pair of security experts from Europe have demonstrated the ways in which common satellite navigation systems can be hacked into in order to display false messages and alerts. The two men, speaking at a security gathering in Canada, used the RDS-TMC standard based on RDS (Radio Data System) to inject satnav systems with fake messages.

RDS-TMC is currently the default method of relaying alerts to drivers through their in-car satellite navigation systems in Europe and is also increasingly used across North America. In order to transmit traffic condition messages or general alerts the system runs in parallel with FM radio broadcasts and can be vital for traffic management purposes, particularly as satnav systems become more widespread. However, the two experts discovered that the channel used to broadcast these messages is not protected, and any enabled systems can pick up their phoney alerts.

At the security conference the pair demonstrated how they could send out fake messages to drivers within a mile radius, warning them of bad weather, ongoing bullfights, road delays due to parades and even terrorist attacks. The whole situation may not seem very important, but ultimately this technique could be used to create chaos on the roads for malicious purposes. All this can be done with freely-available equipment and Andrea Barisani from Inverse Path, one of the two hackers who presented the case, believes there is not a lot manufacturers could do to close this security hole down, particularly since the new technology standard set to replace TMC does not provide authentication either. The advice coming from Barisani is that drivers should double check any alerts they get on their navigation systems via alternative means such as news broadcasts to be sure they are true.