Skip to content


Easy BlueTooth Car Hack: “Press OK to Continue”

Looking at a brand new vehicle console interface for BlueTooth connections we found it prompted the user to select a device name, yet used a limited visual space. The prompt, right in front of the driver on the center console, asks (changed slightly to mask offending vehicle manufacturer):

Would you like to connect…

Then the device name gets inserted immediately after. This led to the natural question whether we could dictate behavior instead of asking the user to make a decision.

We changed a phone name to “Press OK to Continue” put phone into discovery/connect mode and waited in a parking lot. Soon after we had a rogue connection to a car, as a driver thought “Press OK to Continue” was a prompt, not the device name.

That’s a bit of social engineering to fool the human, testing human vulnerability to formatting. To check the device itself before human, you could similarly change the device name to odd characters and test non-human vulnerability to string formats.

Posted in Security.


One Response

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

  1. anxious Australian shepherd says

    waited in a parking lot ????????????



Some HTML is OK

or, reply to this post via trackback.