Radio Data System (RDS) Attacks

TID
ATE-012

RDS Attacks involves tricking victims into installing a benign-looking app that uses the RDS interface. Initially, this app exhibits no malicious behavior. Post-installation, the app dynamically downloads a backdoor, reassembling RDS packets to execute the payload. The exploit remains undetected as antiviruses can't scan runtime downloads. The attack bypasses Android's security checks of the vehicles infotainment system, exploiting vulnerabilities in the FM Radio API.

Type
Technique
Severity of Impact
High
Severity of Feasibility
Medium
Scalability
Moderatly
Domain
Automotive
Rail