Market Trends

Vehicle Remote Starting and Door Unlocking Can be Hacked

August 16, 2011

by Mike Antich - Also by this author

By Mike Antich
Most of us have seen the commercials of customers’ remotely unlocking car doors or remotely starting an engine using their smart phone while sitting on a plane or even in another country. These mobile applications involve using a smart phone to connect to a server, which then sends encrypted numerical keys to the car to authenticate itself and trigger one of these functions.

Recently, a security systems consultant demonstrated that the technology used to link a car to a smart phone can be hacked to gain control of these vehicle functions using a laptop computer. The demonstration showed that the wireless communication protocols between a server and a vehicle can be intercepted allowing a hacker to “reverse engineer” the encrypted software protocols. Once the software protocols are replicated, a hacker can maliciously communicate with a vehicle to unlock doors or start the engine.

The security systems consultant – Don A. Bailey – works for the security company iSec Partners, Inc. ( On Aug. 3, he gave a presentation entitled, “War Texting: Identifying and Interacting with Devices on the Telephone Network,” at the Black Hat USA, a conference of security professionals, which was held in Las Vegas. The Black Hat USA conference featured 50 technical security presentations discussing software and system vulnerabilities. The presentation given by Bailey demonstrated mobile-networking vulnerabilities in automobiles that would allow an attacker to surreptitiously capture the software protocols used to remotely control vehicle functions, such as unlocking doors or starting an engine. This was achieved by intercepting wireless communications between a car and a server, then reverse engineering the software protocols. This is a technically complex procedure, which Bailey referred to as “war texting.” The term “war texting” is a take-off on another hacking technique called “war driving,” which involves driving around a city capturing data being transmitted on wireless networks.

Bailey said he and his fellow researcher Mat Solnik successfully hacked two vehicles, but did not reveal complete technical details in order to allow the OEMs to develop a “patch.” The purpose was to show it is possible to hack a vehicle and to demonstrate how an experienced hacker could do so relatively quickly. The researchers stated they were able to hack (or reverse engineer) the protocols in about two hours. At the conference, Bailey revealed that a Subaru Outback was “hacked” to unlock its doors and start the engine. An ad hoc GSM  (global system for mobile communications) network was set up. By posing as an authorized server, the researchers were able to send rogue commands via a laptop computer and communicate directly with the in-car system. (To view a demonstration of “war texting,” you can view the video below.)


A Problem that Goes Beyond Automobiles

War texting isn’t restricted to automobiles. There are numerous devices that are accessible via the telephone network. These devices receive control messages over the telephone network in the form of text messages (SMS) or GPRS (general packet radio service) data to trigger specific actions.

During the presentation, Bailey stated the same methodology could be used to control similar systems used in traffic signals, security cameras, and power grids. Some industrial control systems rely on GSM networks to send and receive commands. For instance, cellular networks are utilized by SCADA (supervisory control and data acquisition) systems that monitor and control industrial infrastructure or facility-based processes, such as by controlling valves and gears. A recent example of malicious mal-ware directed at a SCADA system was the mysterious Stuxnet virus, which crippled the Iranian nuclear reactor at Bushehr.

As vehicles become more hi-tech and are increasingly connected to the Internet or the cellular grid, it will become easier for thieves to break into vehicles using laptops to hack into the integrated in-vehicle technology. Engineers are hard at work to implement security protocols to minimize a device’s exposure to outside threats. One problem is that devices connected to the phone network cannot be easily “firewalled” from potential attackers as can Internet-enabled systems.

Last year, an earlier independent study similarly showed how automotive software is as vulnerable to malicious hackers as the average PC. The report entitled, “Experimental Security Analysis of a Modern Automobile,” was presented in May 2010 at the IEEE Symposium on Security and Privacy by a team from the University of Washington and the University of California, San Diego. The research paper demonstrated how a sophisticated hacker could wreak havoc on a vehicle by manipulating the in-vehicle computer network or remotely accessing it via its wireless connectivity to the Web.

For example, by accessing the various electronic control modules (ECM) or engine control module, the researchers were able to manipulate the fuel level gauge, falsify the speedometer reading, display arbitrary dashboard messages, dial-up the heat or A/C, lock passengers in the car, continuously blare the horn, pop the hood, turn off the lights, activate the wind-shield wipers, disable the brakes, selectively brake individual wheels on demand, and stop the engine. In addition, after deploying these malicious software commands, the team successfully erased any evidence of tampering.
As vehicle connectivity increases and cars are increasingly connected to cell grids and the Internet, vehicles will be increasingly vulnerable to hacking, in ways we never imagined. A new generation of “cyber-crooks” will emerge who can potentially send malicious messages to trigger actions for nefarious purposes.

The challenge for OEMs will be identifying these threats be-fore they occur, but it is becoming increasingly apparent that we are entering a brave new world of automotive fleet management.

Let me know what you think.

[email protected]

Related Articles

Can Fleet Vehicles be Hacked?

Other Recent Blog Posts

Proposed CAFE Standards to Be Catalyst for Increased Hybridization of Fleets

A Double Whammy for Truck Fleets: Ticket Inflation and Malicious Compliance  


  1. 1. Michael Youra [ August 19, 2011 @ 03:25PM ]

    My first take on this is that law enforcement could make use of this under certain strictly authorized conditions,such as a dangerous individual refusing to stop. The possibility of misuse exists so national protocols would have to be in place to maximize valid usage and prevent abuse.

    Given the nature of the systems,identifiers should "keyed" intyo place to prevent anyone else from taking over another vehicle.

  2. 2. Anonymous [ August 23, 2011 @ 08:51PM ]

    And what's the problem with all this? Now thieves need to be a sotfware engineer to hack your car, In the past high school dropout could jimmy open the door, find the right connector, twist power+acc+on together and touch the wires to start and drive away. Not to mention, he was able to do all this in under 30 seconds, not the two hours boasted by the pros in the article.
    I think OEMs should concentrate more on meeting emission standards.

  3. 3. Mark Hewitt [ March 02, 2012 @ 06:21AM ]

    Today the FCC issued notice of comments on Wireless service interruptions DA 12-311 - this includes comments on the right of public safety to jam radio traffic - one of the key elements I see potential is the use of private radio jammers to protect vulnerable systems in critical instrumentation - for example if a hacker were able to turn off an engine or engage brakes - change speed - etc this could be considered life threatening - "See TED presentation by Avi Rubin on "All your devices can be hacked" - as the increase in connectivity into critical systems continue without necessary security measures - the obvious next step is to begin to disconnect or jam potential threats.

Comment On This Story

Email: (Email will not be displayed.)  
Comment: (Maximum 10000 characters)  
Leave this field empty:
* Please note that every comment is moderated.



Fleet Management And Leasing

Jack Firriolo from Merchants will answer your questions and challenges

View All

Author Bio

sponsored by

Mike Antich

Editor and Associate Publisher

Mike Antich has covered fleet management and remarketing for more than 20 years and was inducted in the Fleet Hall of Fame in 2010.

» More

Grants & Subsidies

Alternative Fueling Station Locator

Alternative Fueling Station Locator

Find your closest station or plan a route. Locate biodiesel, electric, ethanol, hydrogen, compressed natural gas (CNG), liquified natural gas (LNG), and propane across America.

Start Your Search