Hacking Your Car Through a Smart Phone

An Emerging Security Risk


Security consulting firm iSec Partners warns drivers that thieves could exploit smart phone apps that allow the unlocking and starting of cars remotely. Researchers Don Bailey and Mathew Solnik have hacked the protocols some of these apps use and demonstrated how they can take advantage of them using a laptop.

According to Mr. Bailey, the whole process of hacking and improvising the signals these apps send – what he dubs “war texting” – can take as little as two hours.

Mr. Bailey will discuss the research at Black Hat Technical Security Conference in Las Vegas this week. Of course, he won’t name the products or provide full technical details of Mr. Solnik and his work until the software makers can patch them. GM, Mercedes-Benz and BMW all use the technology in one form or another.

Bailey and his cohort intercepted messages sent between the server and the target vehicle over standard mobile networks. He explains:

“We reverse-engineer the protocol and then we build our own tools to use that protocol to contact that system.”

Researchers at iSec think this is indicative of a more widespread problem created by the proliferation of “cheap and easy” mobile networking technology.

Bailey suspects that security considerations are often minimally addressed, thereby making devices using the technology susceptible to exploitation and misuse.

By Tristan Hankins

Story source: Networkworld

http://www.carscoops.com/2011/08/hacking-your-car-through-your-smart.html

Leave a comment

Filed under Crime/Assassination, Nature/Science/Technology

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s