The Register® — Biting the hand that feeds IT

Feeds

'War texting' hacks car systems and possibly much more

Remotely start cars, attack SCADA, through GSM

By Dan Goodin, 27th July 2011
  • print
  • alert

Customer Success Testimonial: Recovery is Everything

Software that allows drivers to remotely unlock and start automobiles using cell phones is vulnerable to hacks that allow attackers to do the same thing, sometimes from thousands of miles away, it was widely reported Wednesday.

The exploit affecting an undisclosed product used to remotely control cars was developed by iSec researchers Don Bailey and Matthew Solnik by reverse engineering the GSM, or Global System for Mobile Communications, technology it relies on.

By setting up their own, private GSM network and then closely monitoring it, they were able to figure out the codes needed to send rogue commands to cars that relied on the system. They used a laptop to recreate the messages, a technique they dubbed "war texting."

While the hack raises obvious concerns for users of OnStar RemoteLink and other systems for remotely controlling automobiles, it could pose even more of a threat to operators of SCADA, or supervisory control and data acquisition, systems used to control valves, gears, and other physical processes in industrial plants and factories, Bailey said.

Many industrial control systems also rely on GSM networks to send and receive commands. With the declining cost of operating ad-hoc GSM networks, it could become increasingly easy to penetrate these systems and defeat the security-through-obscurity protections they rely on.

The researchers are scheduled to present their findings during a talk titled War Texting: Identifying and Interacting with Devices on the Telephone Network at next week's Black Hat security conference in Las Vegas.

Original reporting from CNET, IDG News, and Dark Reading is here, here, and here. ®

Ensure Ease of Recovery with Asigra’s Agentless Software

COMMENTS

House Rules Send Corrections
All Reader Comments (49)
Highly Rated
Graham Marsden

Software that allows drivers to remotely unlock and start automobiles using cell phones

WTF? What the hell is wrong with a bloody *KEY*???

In any case, why on earth would you want to be able to unlock and start your car from a distance apart from to make life easier for the thief who'll say "thanks for the car, bye bye!"? (There's also the fact that, in England, it's an offence to leave a vehicle unattended with the engine running...)

15
1
Wize
Reply Icon

You get a thief and an idiot tailgater with one stone...

...I can live with that.

9
0
Jeremy 2
Reply Icon

Multiple messages

...thus multiplying the cost of each control message transmitted by 3 or 4 times. In other words, the kind of thing that the devs would have thought of and the beancounters would have rejected...

7
0

More from The Register

breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
Yes, maybe we should keep hackers in the clink for YEARS, mulls EU
Watch out black hats, they just might throw away the key
39
Microsoft borks botnet takedown in Citadel snafu
Stupid Redmond kicked over our honeypots, wail white hats
19
Critical Java SE update due Tuesday fixes 40 flaws
And yes, most are remotely exploitable
33
Kaspersky slips server security into PC software as attackers get crafty
Want to bag a CEO? Aim for his family
8
NSA accused of new crimes ... against slideware
They may take our information but they cannot take our REFINED AESTHETICS
40