Just what we need, criminals that can unlock our cars using a computer.
'War Texting' lets hackers gain access to cars via GSM networks
Cellular-based automotive roadside assistance services like GM's OnStar and BMW Assist allow remote unlocking of vehicles by communicating with remote servers via standard mobile networks. Now a pair of security systems engineers have managed to prove it takes just a few hours of clever reverse engineering to crack the in-car cellular network-based technology to gain access to vehicles. They call their method "War Texting."
Don Bailey and Mathew Solnik of security company iSEC Partners set up an ad-hoc GSM network, which allowed them to communicate directly with the in-car system, posing as authorized servers. A proprietary protocol that is normally in use proved not to be secure enough. All they eventually needed to do was to send simple messages from a laptop to the car's computer.
Bailey and Solnik will present their findings during the upcoming Black Hat USA conference in Las Vegas in a briefing entitled "War Texting: Identifying and Interacting with Devices on the Telephone Network," although they will skip the details regarding the attack, to allow manufacturers to fix vulnerable systems.
However, apparently not just car security technologies are defenseless against the "War Texting" hacking method, as cellular networks are also utilized by SCADA systems that monitor and control industrial infrastructure, or facility-based processes.
"What I got in two hours with the car alarm is pretty horrifying when you consider other devices like this, such as SCADA systems and traffic-control cameras. How quick and easy it is to re-engineer them is pretty scary," Don Bailey said.
A couple of researchers doing a proof of concept hack on a car they had 2 hours to work with does not mean criminals can or will be doing it anytime soon. Frankly, I'm a lot more worried about idiots ramming into my car than hacking into it.
Even if you get in you can't drive the car away. Not without the RFID tag. Sure, you can steal what's inside, but save yourself some time and break the goddamn window.
Honestly, the guys that have the knowledge to war text and hack into an OnStar system have no interest in stealing any cars. Their interest is more or less seeing what kind of device they can hack. Concerning SCADA systems like what control power plants, check out this link especially around the 1:50 mark. Guys hacked into a power plant (with the plant's permission) and manipulated the software that controls the turbine engine... and essentially blew the thing up. The hackers were on the opposite coast.
Originally Posted by Racer
Wow, thieves can now get in an OnStar-equipped car in 2 hours instead of the normal 5 seconds.
Two gentlemen here that do not understand information systems security and vulnerability exploits.
The original proof of concept takes time. Knowing any process can be done usually puts you 2/3 of the way toward getting it done. So when this information gets into the hacking community, the process gets debugged and compressed and packaged. Then any goof can torrent the code.
Security professionals that laugh at exploits, as some here do, find themselves in trouble later. That goes for OnStar Corporation.
Now, I have no concern about this exploit. It is completely impossible for OnStar to function in my car, and it will stay that way for as long as I own the car.
Whatever, as long as you can smash the window that's all that matters.
If that's the case then perhaps investing in an aftermarket alarm would be wise. They may still be able to open the door, however, at least sirens (or even better, an aftermarket air horn) and flashing lights would go off.
Simply getting into a car that you've hacked remotely and driving away tends to draw significantly less attention from passers-by than breaking the window and ripping out wires.
Most aftermarket alarms are a joke. In fact, since most have industry standard wires, it makes stealing cars EASIER.
Originally Posted by Scissors
Simply getting into a car that you've hacked remotely and driving away tends to draw significantly less attention from passers-by than breaking the window and ripping out wires.
Agreed, this is a real threat AND safety issue. OnStar has the ability to shut the car off; I wonder if there is undocumented code to actually start it. I also wonder how far some good social engineering would get you with the OnStar folks.
Two gentlemen here that do not understand information systems security and vulnerability exploits.
Actually, I do understand it quite well, thank you, Mr. Condescending. I've worked in IT and I'll bet I can build a PC from spare parts quicker than you can call the Geek Squad for your virus. I do all of my downloading onto a virtual, sandboxed operating system, behind two firewalls, and other countermeasures I won't bore the forum with. The issue isn't security, it's how it is reported in the media.
The media consistently reports breathlessly about "OMG, hacks!" when it's really a couple of good guy researchers who have likely already informed the company involved, and the hack has never been found in the wild, and never will be. If I had a nickel for every time I've read about some computer "hack" that could "potentially" steal all your data, in which nobody has ever actually done so, I could afford a supercharger for my new GS.
I'm calling ******** on this, and nobody's Vette will ever be broken into by this "hack."
Your disdainful, egotistic, patronizing paragraph #1 reads like it's been cribbed out of a PC forum, clueing the alert reader to call ******** on your entire post. Save the "hack has never been found in the wild" for some famous last words with your gamer friends.
Last edited by fnbrowning; Jul 29, 2011 at 04:21 PM.
One gentleman (cough, cough) here that nobody really cares what he thinks.
Simply getting into a car that you've hacked remotely and driving away tends to draw significantly less attention from passers-by than breaking the window and ripping out wires.
Just sayin'...
You would think... but that doesn't stop all the stolen cars I see every week. I would say the majority of cars stolen are normal run-of-the-mill vehicles that are used by low-level crooks and dumped when they run out of gas. The professionals are gonna get your car if they really want it. Funny thing is, in 14 years I haven't worked but maybe 1 or 2 Corvette break-ins... and 0 recovered stolen Vettes. I did do one recovered stolen Ferrari, but that was because 2 guys leaving a club told the valet it was theirs and he gave them the keys without checking. They drove it 10 miles, rammed a pickup at the next club and walked away.
Originally Posted by fnbrowning
Your disdainful, egotistic, patronizing paragraph #1 reads like it's been cribbed out of a PC forum, clueing the alert reader to call ******** on your entire post. Save the "hack has never been found in the wild" for some famous last words with your gamer friends.
Keep up with the pissin' match and I can shut you down faster than an OnStar operator during a pursuit.