Security consulting firm iSec Partners warns drivers that thieves could exploit smart phone apps that allow the unlocking and starting of cars remotely.
Researchers Don Bailey and Mathew Solnik have hacked the protocols some of these apps use and demonstrated how they can take advantage of them using a laptop.
According to Mr. Bailey, the whole process of hacking and improvising the signals these apps send – what he dubs “war texting” – can take as little as two hours.
Mr. Bailey will discuss the research at Black Hat Technical Security Conference in Las Vegas this week. Of course, he won’t name the products or provide full technical details of Mr. Solnik and his work until the software makers can patch them. GM, Mercedes-Benz and BMW all use the technology in one form or another.
Bailey and his cohort intercepted messages sent between the server and the target vehicle over standard mobile networks. He explains:
“We reverse-engineer the protocol and then we build our own tools to use that protocol to contact that system.”
Researchers at iSec think this is indicative of a more widespread problem created by the proliferation of “cheap and easy” mobile networking technology.
Bailey suspects that security considerations are often minimally addressed, thereby making devices using the technology susceptible to exploitation and misuse.
By Tristan Hankins
Story source: Networkworld