Subaru Outback: Unlocked And Started via Text Message By Hackers

Recently, in Las Vegas, took place Black Hat security conference. There were all kinds of demonstrations, but one of the most intriguing and interesting, for us, was a demonstration of the Subaru Outback being unlocked and its engine being started remotely. This event was conducted by two security researchers from iSec Partners named Don Bailey and Matthew Solnik. Don and Matthew got an Android phone and used a technique they referred to as “war texting” wherein they used two unnamed remote control products that are for locking and unlocking.

Well now comes the interesting part, because after setting up their own GSM network, they were able to intercept the password authentication messages between the server and the car. It took them just a couple of hours, they say. Don Bailey and Matthew Solnik from iSec Partners said that this technique could be used to hit other systems that receive firmware updates through text messages. These include traffic control systems and security cameras. It’s worrisome that this technique could be used on SCADA sensors, which are employed in industrial systems like the power grid and water supply.

“I could care less if I could unlock a car door. It’s cool. It’s sexy,” Bailey told CNN. “But the same system is used to control phone, power, traffic systems. I think that’s the real threat.”

Of course, they declined to provide details about how the hacking is accomplished or to say what cars are at risk until the manufacturers get the chance to fix the vulnerabilities. Keeps in mind that similar remote-control apps are used by General Motors, BMW and Mercedes.

Last year, in May, other security researchers have successfully attempted to remotely control cars. A group from the University of Washington used a diagnostic computer system named the Controller Area Network to control the locks and the brakes of the cars remotely.

Source: 4wheelsnews