Hackers Can Unlock Doors Start Some Cars Via....SMS!

SamAsh07

SamAsh07

Well-Known Member
OP
Member
Level 5
Joined
Jan 27, 2009
Messages
2,696
Trophies
0
Age
33
Location
Bahrain
XP
611
Country
Bosnia and Herzegovina
carlock29.jpg

Computer security researchers Mathew Solnik and Don Bailey from iSec Partners have discovered a way to unlock your car doors and start your car remotely using SMS sent from a laptop.

The pair intercepted the wireless messages that flow between a car and a software-based remote control system like that from OnStar.

It took them about two hours to crack the protocol behind this communication and duplicate it with a laptop. If that isn't unsettling enough, they've been able to use this attack against two different car systems, thus far.

The pair will present this hack which they call "war texting" at the Black Hat conference later this week. Being white hat hackers, they won't release all the technical details until this exploit has been patched.[/p]

arrow.gif
Source

Nowadays nothing is safe. Sheesh.
mellow.gif
 
Foxi4

Foxi4

Endless Trash
Global Moderator
Level 34
Joined
Sep 13, 2009
Messages
30,825
Trophies
3
Location
Gaming Grotto
XP
29,850
Country
Poland
Everything is hackable, as Spinal said, nothing to be concerned of.

I admire the effort, however I'd like to underline that without a key in the ignition, the Immobilizer will lock down the car, and seeing that those are smart cars, there's a high probability that it will also engage the alarm, trapping the poor thief.
 
N

Nathan Drake

Obligations fulfilled, now I depart.
Member
Level 11
Joined
Jan 2, 2011
Messages
6,192
Trophies
0
XP
2,707
Country
Foxi4 said:
Everything is hackable, as Spinal said, nothing to be concerned of.

I admire the effort, however I'd like to underline that without a key in the ignition, the Immobilizer will lock down the car, and seeing that those are smart cars, there's a high probability that it will also engage the alarm, trapping the poor thief.
Click to expand...

I'm sure that if somebody can figure out how to unlock the car, they can figure out how to undo the safeguards in due time. I know this is a fairly simple "hack" from the details given, but if you leave anything that you feel is secured in your car, it could be easily stolen. I know plenty of people, especially around the holidays, store hop in a single day. Would you like to have hundreds of dollars of things you've bought at risk for having the latest technology?

I'll take an old fashioned car in the respect that I have to do everything related to unlocking and starting the car manually. I'll still make thieves work for what they want.
 
Foxi4

Foxi4

Endless Trash
Global Moderator
Level 34
Joined
Sep 13, 2009
Messages
30,825
Trophies
3
Location
Gaming Grotto
XP
29,850
Country
Poland
Nathan Drake said:
Foxi4 said:
Everything is hackable, as Spinal said, nothing to be concerned of.

I admire the effort, however I'd like to underline that without a key in the ignition, the Immobilizer will lock down the car, and seeing that those are smart cars, there's a high probability that it will also engage the alarm, trapping the poor thief.
Click to expand...

I'm sure that if somebody can figure out how to unlock the car, they can figure out how to undo the safeguards in due time. I know this is a fairly simple "hack" from the details given, but if you leave anything that you feel is secured in your car, it could be easily stolen. I know plenty of people, especially around the holidays, store hop in a single day. Would you like to have hundreds of dollars of things you've bought at risk for having the latest technology?

I'll take an old fashioned car in the respect that I have to do everything related to unlocking and starting the car manually. I'll still make thieves work for what they want.
Click to expand...

The door might be secured by software, but the immobilizer is a hardware part. Unless the thief knows which parts to remove, he will be trapped in the car.
 
N

Nathan Drake

Obligations fulfilled, now I depart.
Member
Level 11
Joined
Jan 2, 2011
Messages
6,192
Trophies
0
XP
2,707
Country
Foxi4 said:
Nathan Drake said:
Foxi4 said:
Everything is hackable, as Spinal said, nothing to be concerned of.

I admire the effort, however I'd like to underline that without a key in the ignition, the Immobilizer will lock down the car, and seeing that those are smart cars, there's a high probability that it will also engage the alarm, trapping the poor thief.
Click to expand...

I'm sure that if somebody can figure out how to unlock the car, they can figure out how to undo the safeguards in due time. I know this is a fairly simple "hack" from the details given, but if you leave anything that you feel is secured in your car, it could be easily stolen. I know plenty of people, especially around the holidays, store hop in a single day. Would you like to have hundreds of dollars of things you've bought at risk for having the latest technology?

I'll take an old fashioned car in the respect that I have to do everything related to unlocking and starting the car manually. I'll still make thieves work for what they want.
Click to expand...

The door might be secured by software, but the immobilizer is a hardware part. Unless the thief knows which parts to remove, he will be trapped in the car.
Click to expand...

The immobilizer still has to be enabled, presumably by a software check. I can't imagine it would be all hardware based (honestly, correct me if I'm wrong - I'm not very car savvy). There has to be something more there now with even your average smartphone having the ability to unlock your car and perform various functions from however far away.

Also, breaking out the windshield or back windshield, hell, breaking the drivers side window can be enough room for people to squeeze out. If you went properly prepared, I would imagine you would have something heavy enough to break a windshield or at least a window.

Edit: I did some minor research. It seems the immobilizer just prevents the car from starting. It would, in no way, prevent the thief from leaving. The ignition is simply disabled. I would think you would need a few more extras to initiate a full lock down, though that could get messy with careless people that may have multiple, similar smart cars. From what I gather, the key for the car has a specific encryption that must be sent to the immobilizer via the ignition. If the wrong key is received, or a device lacking the encrypted key, the ignition will basically shut off. You would be far from trapped with such a simple device.
 
Foxi4

Foxi4

Endless Trash
Global Moderator
Level 34
Joined
Sep 13, 2009
Messages
30,825
Trophies
3
Location
Gaming Grotto
XP
29,850
Country
Poland
Nathan Drake said:
The immobilizer still has to be enabled, presumably by a software check. I can't imagine it would be all hardware based (honestly, correct me if I'm wrong - I'm not very car savvy). There has to be something more there now with even your average smartphone having the ability to unlock your car and perform various functions from however far away.

Also, breaking out the windshield or back windshield, hell, breaking the drivers side window can be enough room for people to squeeze out. If you went properly prepared, I would imagine you would have something heavy enough to break a windshield or at least a window.

Edit: I did some minor research. It seems the immobilizer just prevents the car from starting. It would, in no way, prevent the thief from leaving. The ignition is simply disabled. I would think you would need a few more extras to initiate a full lock down, though that could get messy with careless people that may have multiple, similar smart cars. From what I gather, the key for the car has a specific encryption that must be sent to the immobilizer via the ignition. If the wrong key is received, or a device lacking the encrypted key, the ignition will basically shut off. You would be far from trapped with such a simple device.
Click to expand...

That's not entirely true. That's immobilizers from the 20th century, nowadays Immobilizers allow you to turn on the vehicle and drive for a certain period of time, and then they disable the engine and lock the doors. Leaving through the window in the middle of the street is bent to be suspicious. There is no software check, the immobilizer is turned on or off via physical key/keycard check.
 
N

Nathan Drake

Obligations fulfilled, now I depart.
Member
Level 11
Joined
Jan 2, 2011
Messages
6,192
Trophies
0
XP
2,707
Country
Foxi4 said:
Nathan Drake said:
The immobilizer still has to be enabled, presumably by a software check. I can't imagine it would be all hardware based (honestly, correct me if I'm wrong - I'm not very car savvy). There has to be something more there now with even your average smartphone having the ability to unlock your car and perform various functions from however far away.

Also, breaking out the windshield or back windshield, hell, breaking the drivers side window can be enough room for people to squeeze out. If you went properly prepared, I would imagine you would have something heavy enough to break a windshield or at least a window.

Edit: I did some minor research. It seems the immobilizer just prevents the car from starting. It would, in no way, prevent the thief from leaving. The ignition is simply disabled. I would think you would need a few more extras to initiate a full lock down, though that could get messy with careless people that may have multiple, similar smart cars. From what I gather, the key for the car has a specific encryption that must be sent to the immobilizer via the ignition. If the wrong key is received, or a device lacking the encrypted key, the ignition will basically shut off. You would be far from trapped with such a simple device.
Click to expand...

That's not entirely true. That's immobilizers from the 20th century, nowadays Immobilizers allow you to turn on the vehicle and drive for a certain period of time, and then they disable the engine and lock the doors. Leaving through the window in the middle of the street is bent to be suspicious. There is no software check, the immobilizer is turned on or off via physical key/keycard check.
Click to expand...

It doesn't seem that version of the immobilizer is that popular yet, since most information I can find only refers to the 20th century ones. Of course, I don't know how popular smart cars are in general. Most people around where I am are still driving rather featureless cars from 4 to 30 years ago. I'm sure a smart thief would be fairly cautious though. Nowadays, a thief should be smart enough to realize that they should be tech savvy enough to figure out what else they may need to disconnect before hot wiring their car of choice.

A dumb thief deserves a bad outcome.
 
FAST6191

FAST6191

Techromancer
Editorial Team
Level 33
Joined
Nov 21, 2005
Messages
36,798
Trophies
3
XP
28,348
Country
United Kingdom
How amusing, I shall have to find a copy of the presentation if there is one.

Maybe one day car electronics will use post 2000 tech/crypto.
 
shakirmoledina

shakirmoledina

Legend
Member
Level 6
Joined
Oct 23, 2004
Messages
6,613
Trophies
0
Age
34
Location
Dar es Salaam
Website
vfootball.co.nf
XP
830
Country
Tanzania
initially (correct me fast or someone) DNS was not made with security in mind but when they saw the DNS poisoning, they put security controls in the DNS.

if this becomes an issue, then i believe they will also have to add "3ds" security to this.
 
Foxi4

Foxi4

Endless Trash
Global Moderator
Level 34
Joined
Sep 13, 2009
Messages
30,825
Trophies
3
Location
Gaming Grotto
XP
29,850
Country
Poland
jonesman99 said:
Next, hackers will find a way to shut off old people's pacemakers... Mark my words.
Click to expand...

If it's a pacemaker with wireless input/output line, sure - entirely possible. However, isn't it infinitely easier to just emmit an E.M.P wave that shuts down all electronics? It's quicker.
 
cwstjdenobs

cwstjdenobs

Sodomy non sapiens
Member
Level 2
Joined
Mar 10, 2009
Messages
1,756
Trophies
0
Location
Ankh-Morpork
Website
Visit site
XP
205
Country
If you think this is bad you have no clue how bad the security is on most central locking and alarm/immobiliser systems. A lot of cars the "code" for the remote is the cars VIN number...
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Gaming Homebrew Homebrew app  SUYU Discord get deleted

Disney's New X-Files Reboot Already Has A Mulder & Scully Return Problem

Mig switch flashcard clones are coming

"Apple has lifted its restriction on retro game emulators on the iOS App Store"

Gaming  Nintendo Switch 2 OFFICIAL IMAGES LEAKED Mod edit: Confirmed FAKE!

Nintendo themed items taken down from Steam Workshop (Garry’s Mod)

Backdoor in `xz` found, affects ssh (linux remote desktop connections)

Homebrew app  A Commodore 64 core for the Analogue Pocket just released today!

General chit-chat
Help Users
    The Real Jdbye @ The Real Jdbye: there was a "HD" redrawn version of :creep: someone made at one point but i didnt save it