Feeds

'War texting' hacks car systems and possibly much more

Remotely start cars, attack SCADA, through GSM

Choosing a cloud hosting partner with confidence

Software that allows drivers to remotely unlock and start automobiles using cell phones is vulnerable to hacks that allow attackers to do the same thing, sometimes from thousands of miles away, it was widely reported Wednesday.

The exploit affecting an undisclosed product used to remotely control cars was developed by iSec researchers Don Bailey and Matthew Solnik by reverse engineering the GSM, or Global System for Mobile Communications, technology it relies on.

By setting up their own, private GSM network and then closely monitoring it, they were able to figure out the codes needed to send rogue commands to cars that relied on the system. They used a laptop to recreate the messages, a technique they dubbed "war texting."

While the hack raises obvious concerns for users of OnStar RemoteLink and other systems for remotely controlling automobiles, it could pose even more of a threat to operators of SCADA, or supervisory control and data acquisition, systems used to control valves, gears, and other physical processes in industrial plants and factories, Bailey said.

Many industrial control systems also rely on GSM networks to send and receive commands. With the declining cost of operating ad-hoc GSM networks, it could become increasingly easy to penetrate these systems and defeat the security-through-obscurity protections they rely on.

The researchers are scheduled to present their findings during a talk titled War Texting: Identifying and Interacting with Devices on the Telephone Network at next week's Black Hat security conference in Las Vegas.

Original reporting from CNET, IDG News, and Dark Reading is here, here, and here. ®

Beginner's guide to SSL certificates

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.