Car alarms aren't perfect systems, but security researchers Don Bailey and Mathew Solnik of iSec Partners have set out to prove how imperfect they really are.
The researchers have uncovered a way to hack a car's security system to remotely open or even start the engine. This happens by way of hacking a car's GSM mobile network that connects to a service like OnStar. A Subaru Outback was used as proof of their hack, but similar systems exist in cars from other manufacturers, such as GM, Mercedes-Benz, and BMW.
Through reverse engineering of the protocol, the researchers were able to take control of some of the car's security systems simply by sending it an SMS.
"When we looked at this car security and control system we determined within the first few hours that it was completely ownable, front to back," Bailey told Cnet. "This is not just a theoretical attack. This is a practical attack we've used on more than one system now."
While having a car stolen or tampered with via a text message is terrible, there could be even more far-reaching implications in other applications of the now-vulnerable technology.
"We are seeing more GSM [Global System for Mobile Communications]-enabled systems popping up in consumer culture and industrial control systems. They're not just in Zoombak [Global Positioning System] location devices and personal security control systems, but also in sensors deployed for waste treatment facilities, SCADA [Supervisory Control and Data Acquisition] and call-back systems, physical security systems, industrial control systems," Bailey said. "These GSM modules open up that world to attacks in a whole new way."
Read more at Network World.
My newest car is a pristine 1994 Ford Thunderbird.
It gets great gas mileage and it pounds the puny Toyota's or the little punk's honda rice grinder right into the ground.
Keeping up with the joneses is sometimes not a good thing.
But this vulnerability is almost as bad as the rfid sweep from a couple years ago, but i imagine in the case of onstar exploiting, it would be relatively easy to flag and cancel the request; thanks to the various hacking groups for bringing this type of information into the public view.
You've kept your car for 17 years because you knew someday car security could be hacked via SMS? You're just a regular Nostradamus.
I'll take a hackable BMW any day, that's what insurance is for.
LMAO, great comment :D
The intelligence just ooozes out your brain.