Car alarms aren't perfect systems, but security researchers Don Bailey and Mathew Solnik of iSec Partners have set out to prove how imperfect they really are.
The researchers have uncovered a way to hack a car's security system to remotely open or even start the engine. This happens by way of hacking a car's GSM mobile network that connects to a service like OnStar. A Subaru Outback was used as proof of their hack, but similar systems exist in cars from other manufacturers, such as GM, Mercedes-Benz, and BMW.
Through reverse engineering of the protocol, the researchers were able to take control of some of the car's security systems simply by sending it an SMS.
"When we looked at this car security and control system we determined within the first few hours that it was completely ownable, front to back," Bailey told Cnet. "This is not just a theoretical attack. This is a practical attack we've used on more than one system now."
While having a car stolen or tampered with via a text message is terrible, there could be even more far-reaching implications in other applications of the now-vulnerable technology.
"We are seeing more GSM [Global System for Mobile Communications]-enabled systems popping up in consumer culture and industrial control systems. They're not just in Zoombak [Global Positioning System] location devices and personal security control systems, but also in sensors deployed for waste treatment facilities, SCADA [Supervisory Control and Data Acquisition] and call-back systems, physical security systems, industrial control systems," Bailey said. "These GSM modules open up that world to attacks in a whole new way."
Read more at Network World.
