Security researchers at iSec Partners, Don Bailey and Mathew Solnik, have discovered a way to unlock car doors and even start some car engines remotely using SMS.
The two researchers have managed to intercept the wireless messages that travel between software-based systems like OnStar and cars. They were able to crack the protocol behind these systems and then duplicate it with a laptop in around two hours.
They have managed to use the hack on two different systems and unlock the vehicles. They have given the system the name of ‘War Texting’ and will present it at the Black Hat Conference later this week. Although they have said that they won’t release any details on the system and how it works so that it can’t be used maliciously.
Understanding the Vulnerability
The vulnerability lies in the way modern vehicles communicate with remote systems. Many cars today come equipped with telematics systems like OnStar, which allow owners to perform various functions such as unlocking doors, starting the engine, and tracking the vehicle’s location via a smartphone app or a web interface. These systems rely on wireless communication protocols to send and receive commands. Bailey and Solnik discovered that by intercepting these wireless messages, they could reverse-engineer the protocol and send their own commands to the vehicle.
This discovery raises significant concerns about the security of connected cars. As vehicles become more integrated with digital technology, the potential for cyber-attacks increases. The researchers’ ability to unlock doors and start engines remotely demonstrates that current security measures may not be sufficient to protect against sophisticated hacking attempts.
Implications for Car Manufacturers and Owners
The findings by Bailey and Solnik have important implications for both car manufacturers and owners. For manufacturers, it highlights the need to prioritize cybersecurity in the design and development of connected car systems. This includes implementing robust encryption methods, regularly updating software to patch vulnerabilities, and conducting thorough security testing.
For car owners, it serves as a reminder to be vigilant about the security of their vehicles. While the researchers have not released the details of their hacking method, the fact that such vulnerabilities exist means that car owners should be cautious about using remote access features. It is also advisable to stay informed about any security updates or recalls issued by the car manufacturer and to apply them promptly.
In addition to these measures, there are steps that car owners can take to enhance the security of their vehicles. For example, using strong, unique passwords for any online accounts associated with the car’s telematics system can help prevent unauthorized access. Additionally, being aware of phishing scams and other social engineering tactics can reduce the risk of falling victim to cyber-attacks.
The discovery of ‘War Texting’ by Bailey and Solnik is a wake-up call for the automotive industry. As cars become more connected and reliant on digital technology, the need for robust cybersecurity measures becomes increasingly critical. By addressing these vulnerabilities proactively, manufacturers can help ensure the safety and security of their customers.
Source Network World, Gizmodo
Image Credit VOD Cars/ Flickr
Latest Geeky Gadgets Deals
Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.