A couple of
geeks security researchers have made some interesting finds that they chose to show off at the Black Hat security conference in Las Vegas. Don Bailey and Matthew Solnik from iSec Partners showed the crowd that by using an Android-powered smartphone and a technique they’ve called ‘war texting’, they could lock and unlock the doors on a new Subaru Outback and even start its engine all by remote.
The two set up their own custom GSM network and through that method, they were able to intercept password authentication messages between the server and the car. The entire process of them intercepting the messages took them only a couple of hours, the duo claimed.
The two researchers also did say that their technique can be used to attack many other systems like traffic control and security systems, all of which receive firmware updates by text message. This also means that they could be used to attack SCADA sensors, which are an integral part of infrastructural systems such as the power grid and water supply.
“I could care less if I could unlock a car door. It’s cool. It’s sexy,” Bailey said in an interview. “But the same system is used to control phone, power, traffic systems. I think that’s the real threat.”
Both Bailey and Solnik haven’t disclosed what else they could exploit with the hack or what other cars are vulnerable until the manufacturers are able to fix their loopholes. However, it is know that General Motors, BMW and Mercedes-Benz all over similar remote-control apps.
– By: Chris Chin