Original URL: http://www.theregister.co.uk/2011/07/27/war_texting_hack/

'War texting' hacks car systems and possibly much more

Remotely start cars, attack SCADA, through GSM

By Dan Goodin

Posted in Security, 27th July 2011 23:08 GMT

Software that allows drivers to remotely unlock and start automobiles using cell phones is vulnerable to hacks that allow attackers to do the same thing, sometimes from thousands of miles away, it was widely reported Wednesday.

The exploit affecting an undisclosed product used to remotely control cars was developed by iSec researchers Don Bailey and Matthew Solnik by reverse engineering the GSM, or Global System for Mobile Communications, technology it relies on.

By setting up their own, private GSM network and then closely monitoring it, they were able to figure out the codes needed to send rogue commands to cars that relied on the system. They used a laptop to recreate the messages, a technique they dubbed "war texting."

While the hack raises obvious concerns for users of OnStar RemoteLink and other systems for remotely controlling automobiles, it could pose even more of a threat to operators of SCADA, or supervisory control and data acquisition, systems used to control valves, gears, and other physical processes in industrial plants and factories, Bailey said.

Many industrial control systems also rely on GSM networks to send and receive commands. With the declining cost of operating ad-hoc GSM networks, it could become increasingly easy to penetrate these systems and defeat the security-through-obscurity protections they rely on.

The researchers are scheduled to present their findings during a talk titled War Texting: Identifying and Interacting with Devices on the Telephone Network at next week's Black Hat security conference in Las Vegas.

Original reporting from CNET, IDG News, and Dark Reading is here, here, and here. ®