Skip to main content

Hackers Demonstrate Unlocking Car Doors via SMS

Car alarms aren't perfect systems, but security researchers Don Bailey and Mathew Solnik of iSec Partners have set out to prove how imperfect they really are.

The researchers have uncovered a way to hack a car's security system to remotely open or even start the engine. This happens by way of hacking a car's GSM mobile network that connects to a service like OnStar. A Subaru Outback was used as proof of their hack, but similar systems exist in cars from other manufacturers, such as GM, Mercedes-Benz, and BMW.

Through reverse engineering of the protocol, the researchers were able to take control of some of the car's security systems simply by sending it an SMS.

"When we looked at this car security and control system we determined within the first few hours that it was completely ownable, front to back," Bailey told Cnet. "This is not just a theoretical attack. This is a practical attack we've used on more than one system now."

While having a car stolen or tampered with via a text message is terrible, there could be even more far-reaching implications in other applications of the now-vulnerable technology.

"We are seeing more GSM [Global System for Mobile Communications]-enabled systems popping up in consumer culture and industrial control systems. They're not just in Zoombak [Global Positioning System] location devices and personal security control systems, but also in sensors deployed for waste treatment facilities, SCADA [Supervisory Control and Data Acquisition] and call-back systems, physical security systems, industrial control systems," Bailey said. "These GSM modules open up that world to attacks in a whole new way."

Read more at Network World.

  • memadmax
    This is why I keep my cars as old and off the grid as possible.
    My newest car is a pristine 1994 Ford Thunderbird.
    It gets great gas mileage and it pounds the puny Toyota's or the little punk's honda rice grinder right into the ground.

    Keeping up with the joneses is sometimes not a good thing.
    Reply
  • Pyree
    So there was a hoax years back saying you can use the phone's signal to mimic car remote to open any car and now unlocking a car with you cellphone is a reality? Epic.
    Reply
  • jackbling
    This is somewhat unrelated, but i still think about paul hogan whenever i read the word subaru. My first thought was he is going to need a safer place to store his hat.

    But this vulnerability is almost as bad as the rfid sweep from a couple years ago, but i imagine in the case of onstar exploiting, it would be relatively easy to flag and cancel the request; thanks to the various hacking groups for bringing this type of information into the public view.
    Reply
  • LongLiveRock1974
    memadmaxThis is why I keep my cars as old and off the grid as possible.My newest car is a pristine 1994 Ford Thunderbird. It gets great gas mileage and it pounds the puny Toyota's or the little punk's honda rice grinder right into the ground.Keeping up with the joneses is sometimes not a good thing.
    You've kept your car for 17 years because you knew someday car security could be hacked via SMS? You're just a regular Nostradamus.
    Reply
  • aaron88_7
    memadmaxThis is why I keep my cars as old and off the grid as possible.My newest car is a pristine 1994 Ford Thunderbird. It gets great gas mileage and it pounds the puny Toyota's or the little punk's honda rice grinder right into the ground.Keeping up with the joneses is sometimes not a good thing.Good luck picking up girls in that ancient POS car

    I'll take a hackable BMW any day, that's what insurance is for.
    Reply
  • officeguy
    longliverock1974You've kept your car for 17 years because you knew someday car security could be hacked via SMS? You're just a regular Nostradamus.
    LMAO, great comment :D
    Reply
  • JohnnyLucky
    Although interesting it is definitely not good news.
    Reply
  • memadmax
    So, you skip the first line of my comment and concentrate on the age of my car.
    The intelligence just ooozes out your brain.
    Reply
  • borisof007
    I wonder how many read this article, myself included, and just went "Aw f&*k!"
    Reply
  • don't the need to know the phone number to be able to hack it?!
    Reply