War Texting Remotely Unlocks, Starts Cars at Black Hat
Modern automobiles are becoming more like computers, with features such as in-car navigation systems and multiple sensors tracking the fuel tank and the overall health of the engine.
Don Bailey and Matthew Solnik, two senior security researchers from iSEC, showed how text messages sent over the GSM network could be used to unlock and start the engine of a Subaru Outback on Aug. 3 at the annual Black Hat security conference in Las Vegas. They showed a video of how text messages sent from an Android smartphone could be used to trick the car into responding to the request.
It took only two hours to hack into a car alarm system and then start the car remotely by sending it a text message, Bailey said during the presentation.
The hack exploits devices that connect to cellular GSM networks and accept wireless signals. Cars and several other products are increasingly connecting to cell grids and the Internet, making them vulnerable to attack, Bailey said.
Bailey set up a GSM network and used a method he called "war texting" to intercept the password authentication messages sent between the remote server and the car. The hack exploits the vehicle's remote control system, such as the one used by General Motors, BMW and Mercedes for unlocking and remotely starting the car.
Other automakers' remote controls and similar systems used to control traffic lights, security cameras and power grids are vulnerable to this type of attack. Bailey did not specify which other models or car systems are vulnerable. The technique could also be used to hit systems that rely on text messages to receive firmware updates.
Bailey said manufacturers can use more sophisticated parts to prevent these types of attacks. Even though the cost increases would be highly significant, he said it was necessary to find a balance between cost and security.