Hackers' Text Message Unlocks, Starts Car
CREDIT: Glen E. Larson Productions
You have one new message: Your high-tech car security system can be hacked, and your car stolen, with a simple text message.
And, say the researchers who proved it, the same methods can be used to take over a power plant or water-treatment facility.
At next week's (July 30-Aug. 4) Black Hat Security Conference in Las Vegas, researchers Don Bailey and Matthew Solnik from the San Francisco security consulting firm iSec Partners will give a demonstration entitled, "War Texting: Identifying and Interacting with Devices on the Telephone Network."
They'll show how they remotely unlocked a car, started its engine and learned its GPS coordinates all by sending a specially crafted text message to hack into the car's cellular-network-based security system.
("War texting" refers to the practice of hacking into a cellular-network-connection device via text messages.)
Highly sophisticated vehicle security systems have been in use for more than a decade. General Motors' OnStar, perhaps the best-known, communicates with call centers and GPS satellites and can be used to unlock, track, start and turn off cars remotely.
Other car manufacturers have similar systems, especially in luxury models. OnStar and other brands are also available as aftermarket add-ons.
Bailey and Solnik have not identified the specific security system they cracked, but they that say that modern cars are sitting targets at least for attackers with their levels of skill.
"This is not technologically advanced," Bailey told Kaspersky Lab's ThreatPost blog. "The fact is you can own these kinds of systems in under a couple of hours. It's easy. There's no confidentiality or integrity built into the systems ... It shouldn't be possible for any fly-by-night 12-year-old to do this."
Bailey and Solnik previously used war texting to get into personal GPS devices made by New York-based Zoombak.
What's particularly worrisome to the larger security community, Bailey said, is that the same system architecture used in the Zoombak and the car security system is also used in critical infrastructure security systems , such as those found at power plants or waste treatment facilities.