Cellular-based automotive roadside assistance services like GM's OnStar and BMW Assist allow remote unlocking of vehicles by communicating with remote servers via standard mobile networks. Now a pair of security systems engineers have managed to prove it takes just a few hours of clever reverse engineering to crack the in-car cellular network-based technology to gain access to vehicles. They call their method "War Texting."
Don Bailey and Mathew Solnik of security company iSEC Partners set up an ad-hoc GSM network, which allowed them to communicate directly with the in-car system, posing as authorized servers. A proprietary protocol that is normally in use proved not be secure enough. All they eventually needed to do, was to send simple messages from a laptop to the car's computer.
Bailey and Solnik will present their findings during the upcoming Black Hat USA conference in Las Vegas in a briefing entitled "War Texting: Identifying and Interacting with Devices on the Telephone Network," although they will skip the details regarding the attack, to allow manufacturers to fix vulnerable systems.
However, apparently not just car security technologies are defenseless against the "War Texting" hacking method, as cellular networks are also utilized by SCADA systems that monitor and control industrial infrastructure, or facility-based processes.
"What I got in two hours with the car alarm is pretty horrifying when you consider other devices like this, such as SCADA systems and traffic-control cameras. How quick and easy it is to re-engineer them is pretty scary," Don Bailey said.