A security consultant has shown it’s possible to steal some cars simply by sending a specially crafted series of text messages.
Don Bailey of iSEC Partners was speaking at the Black Hat security conference in Las Vegas. It’s an annual event designed to inform security professionals about the latest threats, and has become known for speakers giving practical demonstrations of vulnerabilities.
Bailey’s presentation covered the growing number of devices that are simply attached to the telephone network and thus aren’t as easy to isolate from attacks over the Internet itself.
In his demonstration, he used a laptop to send text messages as if from a phone; some reports say he noted the technique could be carried out simply using an Android handset. Not only were Bailey and colleague Matthew Solnik able to unlock the car without touching it, but they were then able to start the engine.
The car used in the demonstration was a Subaru Outlook, though there’s no indication the problem is specific to that model. As is common practice at Black Hat, Bailey didn’t reveal precise details of the system involved as he wants to give the manufacturers time to tackle the issue.
The heart of the problem is that such wireless products rely on the GSM phone network system. But it appears to be too easy to set up a bogus server and intercept messages to and from devices.
It wasn’t actually cars where Bailey first tried out the technique. He came up with the idea after seeing Oprah Winfrey discuss the Zoombak, a gadget that helps parents track their children’s movements. Bailey says he was able to break into the Zoombak system through a similar technique (pictured).
But while the car lock made for a more spectacular demonstration, there’s a wide range of systems that could be attacked with the same technique, including traffic systems. (Surely not traffic lights, Superman III style?) Most worryingly, it could mean some SCADA industrial control systems are vulnerable.
According to Bailey, the problem could be stopped if manufacturers were prepared to use more expensive components in wireless devices — and if the public were willing to pay extra.