Hackers break into Subaru Outback using Android smartphone

Posted: Aug 05, 2011
    Email 5 Comments

2010 Subaru Outback

A couple of geeks security researchers have made some interesting finds that they chose to show off at the Black Hat security conference in Las Vegas. Don Bailey and Matthew Solnik from iSec Partners showed the crowd that by using an Android-powered smartphone and a technique they’ve called ‘war texting’, they could lock and unlock the doors on a new Subaru Outback and even start its engine all by remote.

The two set up their own custom GSM network and through that method, they were able to intercept password authentication messages between the server and the car. The entire process of them intercepting the messages took them only a couple of hours, the duo claimed.

The two researchers also did say that their technique can be used to attack many other systems like traffic control and security systems, all of which receive firmware updates by text message. This also means that they could be used to attack SCADA sensors, which are an integral part of infrastructural systems such as the power grid and water supply.

“I could care less if I could unlock a car door. It’s cool. It’s sexy,” Bailey said in an interview. “But the same system is used to control phone, power, traffic systems. I think that’s the real threat.”

Both Bailey and Solnik haven’t disclosed what else they could exploit with the hack or what other cars are vulnerable until the manufacturers are able to fix their loopholes. However, it is know that General Motors, BMW and Mercedes-Benz all over similar remote-control apps.

- By: Chris Chin

Source: TGDaily


Share |  Email  Print |

Tags: , ,



Subscribe & Connect

Connect with us on any of our social profiles below.

Subscribe to our e-mail newsletter to receive updates.

  • http://sam.abuelsamid.com Sam Abuelsamid

    It’s important to note that the system that Bailey and Solnik hacked was not factory  installed.  This was done with an aftermarket security system.

  • http://sam.abuelsamid.com Sam Abuelsamid

    It’s important to note that the system that Bailey and Solnik hacked was not factory  installed.  This was done with an aftermarket security system.

  • Android User

    “However, it is know that General Motors, BMW and Mercedes-Benz all over
    similar remote-control apps.” <– note "remote-control app" if you
    can connect to your vehicle from the net do you honestly think no one
    will take the time to watch how the handshake works? kinda surprised
    their is no authentication, not that it would stop this from happening,
    but it would be a added security measure… at least make you work for
    access

  • Boo Boo

    It’s bull shit,

  • Gekke Henkie

    @Boo Boo:
    They showed it to the crowd at the Black Hat security conference in Las Vegas. Why would that be bull shit? Were you there?

    If you tap in the same radio frequency, and you know the code that’s used (because you picked it up), you can quite simple repeat that code. They’ve been doing the same sort of trick (slightly different) with ATM’s in Europe almost 10 years ago. One of my friends used to program smart cards in the same sort of manner (you could park for free in some cities with those); he had simply picked-up and copied the code they used to load them. So, I wouldn’t say ‘bull shit’ that quickly.