Hackers Can Unlock Doors Start Some Cars Via....SMS!

Discussion in 'User Submitted News' started by SamAsh07, Jul 29, 2011.

  1. SamAsh07
    OP

    Member SamAsh07 GBAtemp Addict

    Joined:
    Jan 27, 2009
    Messages:
    2,693
    Location:
    Bahrain
    Country:
    Bahrain
    [​IMG]

    Computer security researchers Mathew Solnik and Don Bailey from iSec Partners have discovered a way to unlock your car doors and start your car remotely using SMS sent from a laptop.

    The pair intercepted the wireless messages that flow between a car and a software-based remote control system like that from OnStar.

    It took them about two hours to crack the protocol behind this communication and duplicate it with a laptop. If that isn't unsettling enough, they've been able to use this attack against two different car systems, thus far.

    The pair will present this hack which they call "war texting" at the Black Hat conference later this week. Being white hat hackers, they won't release all the technical details until this exploit has been patched.[/p]

    [​IMG] Source

    Nowadays nothing is safe. Sheesh. [​IMG]
     


  2. dgwillia

    Member dgwillia The Bacon Lover

    Joined:
    Mar 9, 2008
    Messages:
    2,171
    Location:
    Columbia Station, Ohio
    Country:
    United States
    Dear god, whats next. Toilets flushing with nothing in them?! Microwaves turning on with nothing to heat?!

    *Leaps out window*
     
  3. spinal_cord

    Member spinal_cord Knows his stuff

    Joined:
    Jul 21, 2007
    Messages:
    2,871
    Location:
    somewhere
    Country:
    United Kingdom
    Nothing to worry about really, it's no different from a group saying they figured out how to put a brick though your window.
     
  4. Foxi4

    Reporter Foxi4 On the hunt...

    pip
    Joined:
    Sep 13, 2009
    Messages:
    22,705
    Location:
    Gaming Grotto
    Country:
    Poland
    Everything is hackable, as Spinal said, nothing to be concerned of.

    I admire the effort, however I'd like to underline that without a key in the ignition, the Immobilizer will lock down the car, and seeing that those are smart cars, there's a high probability that it will also engage the alarm, trapping the poor thief.
     
  5. SamAsh07
    OP

    Member SamAsh07 GBAtemp Addict

    Joined:
    Jan 27, 2009
    Messages:
    2,693
    Location:
    Bahrain
    Country:
    Bahrain
    That'd be a haunted house.
     
  6. Foxi4

    Reporter Foxi4 On the hunt...

    pip
    Joined:
    Sep 13, 2009
    Messages:
    22,705
    Location:
    Gaming Grotto
    Country:
    Poland
    Think of all the wasted electricity. Al Gore's biggest nightmare.
     
  7. Nathan Drake

    Member Nathan Drake Obligations fulfilled, now I depart.

    Joined:
    Jan 2, 2011
    Messages:
    6,192
    Country:
    Antarctica
    I'm sure that if somebody can figure out how to unlock the car, they can figure out how to undo the safeguards in due time. I know this is a fairly simple "hack" from the details given, but if you leave anything that you feel is secured in your car, it could be easily stolen. I know plenty of people, especially around the holidays, store hop in a single day. Would you like to have hundreds of dollars of things you've bought at risk for having the latest technology?

    I'll take an old fashioned car in the respect that I have to do everything related to unlocking and starting the car manually. I'll still make thieves work for what they want.
     
  8. Foxi4

    Reporter Foxi4 On the hunt...

    pip
    Joined:
    Sep 13, 2009
    Messages:
    22,705
    Location:
    Gaming Grotto
    Country:
    Poland
    The door might be secured by software, but the immobilizer is a hardware part. Unless the thief knows which parts to remove, he will be trapped in the car.
     
  9. Nathan Drake

    Member Nathan Drake Obligations fulfilled, now I depart.

    Joined:
    Jan 2, 2011
    Messages:
    6,192
    Country:
    Antarctica
    The immobilizer still has to be enabled, presumably by a software check. I can't imagine it would be all hardware based (honestly, correct me if I'm wrong - I'm not very car savvy). There has to be something more there now with even your average smartphone having the ability to unlock your car and perform various functions from however far away.

    Also, breaking out the windshield or back windshield, hell, breaking the drivers side window can be enough room for people to squeeze out. If you went properly prepared, I would imagine you would have something heavy enough to break a windshield or at least a window.

    Edit: I did some minor research. It seems the immobilizer just prevents the car from starting. It would, in no way, prevent the thief from leaving. The ignition is simply disabled. I would think you would need a few more extras to initiate a full lock down, though that could get messy with careless people that may have multiple, similar smart cars. From what I gather, the key for the car has a specific encryption that must be sent to the immobilizer via the ignition. If the wrong key is received, or a device lacking the encrypted key, the ignition will basically shut off. You would be far from trapped with such a simple device.
     
  10. Foxi4

    Reporter Foxi4 On the hunt...

    pip
    Joined:
    Sep 13, 2009
    Messages:
    22,705
    Location:
    Gaming Grotto
    Country:
    Poland
    That's not entirely true. That's immobilizers from the 20th century, nowadays Immobilizers allow you to turn on the vehicle and drive for a certain period of time, and then they disable the engine and lock the doors. Leaving through the window in the middle of the street is bent to be suspicious. There is no software check, the immobilizer is turned on or off via physical key/keycard check.
     
  11. Nathan Drake

    Member Nathan Drake Obligations fulfilled, now I depart.

    Joined:
    Jan 2, 2011
    Messages:
    6,192
    Country:
    Antarctica
    It doesn't seem that version of the immobilizer is that popular yet, since most information I can find only refers to the 20th century ones. Of course, I don't know how popular smart cars are in general. Most people around where I am are still driving rather featureless cars from 4 to 30 years ago. I'm sure a smart thief would be fairly cautious though. Nowadays, a thief should be smart enough to realize that they should be tech savvy enough to figure out what else they may need to disconnect before hot wiring their car of choice.

    A dumb thief deserves a bad outcome.
     
  12. Waflix

    Member Waflix El Psy Congroo

    Joined:
    Dec 17, 2010
    Messages:
    638
    Country:
    Netherlands
    No problem with this, right? Especially because they are White hatted, and don't reveal the secrets.
     
  13. FAST6191

    Reporter FAST6191 Techromancer

    pip
    Joined:
    Nov 21, 2005
    Messages:
    21,706
    Country:
    United Kingdom
    How amusing, I shall have to find a copy of the presentation if there is one.

    Maybe one day car electronics will use post 2000 tech/crypto.
     
  14. shakirmoledina

    Member shakirmoledina Legend

    Joined:
    Oct 23, 2004
    Messages:
    6,611
    Location:
    Dar es Salaam
    Country:
    Tanzania
    initially (correct me fast or someone) DNS was not made with security in mind but when they saw the DNS poisoning, they put security controls in the DNS.

    if this becomes an issue, then i believe they will also have to add "3ds" security to this.
     
  15. ShawnTRods

    Member ShawnTRods GBAtemp Psycho!

    Joined:
    Mar 26, 2011
    Messages:
    4,280
    Location:
    London
    Country:
    United Kingdom
    Whats next.. Hackers can uncloath you with a phone call [​IMG]!
     
  16. Saddamsdevil

    Member Saddamsdevil GBAtemp Advanced Fan

    Joined:
    Sep 12, 2009
    Messages:
    568
    Country:
    United Kingdom
    That's called a stripper. You can hire them if you want.
     
  17. jonesman99

    Member jonesman99 GBAtemp's Official ArchAndroid

    Joined:
    Nov 10, 2008
    Messages:
    1,112
    Location:
    A Star Called Metropolis
    Country:
    United States
    Next, hackers will find a way to shut off old people's pacemakers... Mark my words.
     
  18. Foxi4

    Reporter Foxi4 On the hunt...

    pip
    Joined:
    Sep 13, 2009
    Messages:
    22,705
    Location:
    Gaming Grotto
    Country:
    Poland
    If it's a pacemaker with wireless input/output line, sure - entirely possible. However, isn't it infinitely easier to just emmit an E.M.P wave that shuts down all electronics? It's quicker.
     
  19. cwstjdenobs

    Member cwstjdenobs Sodomy non sapiens

    Joined:
    Mar 10, 2009
    Messages:
    1,757
    Location:
    Ankh-Morpork
    Country:
    United Kingdom
    If you think this is bad you have no clue how bad the security is on most central locking and alarm/immobiliser systems. A lot of cars the "code" for the remote is the cars VIN number...
     
  20. dragon574444

    Member dragon574444 GBAtemp Regular

    Joined:
    Dec 25, 2007
    Messages:
    287
    Country:
    United States
    And this is why I love my car.
     

Share This Page