Hackers May Have Ability to Unlock Car Doors Via SMS

Posted November 1st, 2011
Written by RPD Staff

From finding our car keys to helping us find our way home, smartphones have revolutionized the way we live. Sadly, new technological advances bring with them thieves who are ready to capitalize on a new opportunity.

Phone scams have taken on a new identity; tech-savvy criminals are finding ways to hack into applications from mobile phones and wireless devices. These crimes are happening right under the noses of those who own these gadgets.

The newest applications allow users to start their vehicles from a remote location. The OnStar RemoteLink app is currently used by car owners to start late-model GM, BMW and Mercedes vehicles. Recent news from computer security teams who were assembled to test the security of these devices has suggested that users are vulnerable to hacks.

Computer security researchers Don Bailey and Mathew Solnik from iSec Partners are in the business of spotting potential security threats before they occur. They recently produced a video detailing how they were able to unlock and start the engine of a car they did not own while in a remote location from their laptop. In only two hours, the two discovered how to intercept the wireless messages being sent from the applications.

Bailey discussed his technique as “war texting”, which involves traveling through cities searching for wireless data. The system is not as easy as it sounds, though. The criminals would have to locate the cars utilizing the mobile applications and connect with them wirelessly. The cell phone involved in the communication connects to a server and numerical keys are transferred for authentication purposes. The security team was able to look at the messages being sent from the mobile phones. “We reverse-engineer the protocol and then we build our own tools to use that protocol to contact that system,” Bailey said.

Bailey will not reveal the two software products they hacked until the software companies develop updates to correct the issues presented.

The issue spreads far beyond remote startup, however. In a world of electronic picture frames and smart meters, wireless technology has exploded in recent years. Mobile networking is evident in many sectors which raises a cause for concern since security is often an afterthought. Furthermore, the development of open source tools has enabled hackers to more easily set up their own test networks.

Bailey grows more concerned about the safety of mobile devices. Just a few months back, he used the same techniques to hack into Zoomback’s personal locator device. Bailey fears that these threats extend far beyond what people realize due to the hundreds of products that have not yet been tested for security purposes. “This architectural flaw expands to so many engineering industries,” he said.

Further testing will ensue on more of these applications involving remote car starts and the vulnerable software companies will be notified of the results.