By Mike Antich
Most of us have seen the commercials showing customers remotely unlocking car doors or remotely starting an engine using their smart phone while sitting on a plane or even in another country. These mobile applications involve using a smart phone to connect to a server, which then sends encrypted numerical keys to the car to authenticate itself and trigger one of these functions.
Recently, a security systems consultant demonstrated that the technology used to link a car to a smart phone can be hacked to gain control of these vehicle functions using a laptop computer. The demonstration showed that the wireless communication protocols between a server and a vehicle can be intercepted, allowing a hacker to “reverse engineer” the encrypted software protocols. Once the software protocols are replicated, a hacker can maliciously communicate with a vehicle to unlock doors or start the engine.
The security systems consultant – Don A. Bailey – works for the security company iSec Partners, Inc. (www.isecpartners.com). On Aug. 3, he gave a presentation entitled “War Texting: Identifying and Interacting with Devices on the Telephone Network” at Black Hat USA, a conference of security professionals held in Las Vegas. The Black Hat USA conference featured 50 technical security presentations discussing software and system vulnerabilities. The presentation given by Bailey demonstrated mobile-networking vulnerabilities in automobiles that would allow an attacker to surreptitiously capture the software protocols used to remotely control vehicle functions, such as unlocking doors or starting an engine. This was achieved by intercepting wireless communications between a car and a server, then reverse engineering the software protocols. This is a technically complex procedure, which Bailey referred to as “war texting.” The term “war texting” is a take-off on another hacking technique called “war driving,” which involves driving around a city capturing data being transmitted on wireless networks.
Bailey said he and his fellow researcher Mat Solnik successfully hacked two vehicles, but did not reveal complete technical details in order to allow the OEMs to develop a “patch.” The purpose was to show it is possible to hack a vehicle and to demonstrate how an experienced hacker could do so relatively quickly. The researchers stated they were able to hack (or reverse engineer) the protocols in about two hours. At the conference, Bailey revealed that a Subaru Outback was “hacked” to unlock its doors and start the engine. An ad hoc GSM (global system for mobile communications) network was set up. By posing as an authorized server, the researchers were able to send rogue commands via a laptop computer and communicate directly with the in-car system.
A Problem that Goes Beyond Automobiles
War texting isn’t restricted to automobiles. There are numerous devices that are accessible via the telephone network. These devices receive control messages over the telephone network in the form of text messages (SMS) or GPRS (general packet radio service) data to trigger specific actions.
During the presentation, Bailey stated the same methodology could be used to control similar systems used in traffic signals, security cameras, and power grids. Some industrial control systems rely on GSM networks to send and receive commands. For instance, cellular networks are utilized by SCADA (supervisory control and data acquisition) systems that monitor and control industrial infrastructure or facility-based processes, such as by controlling valves and gears. A recent example of malware directed at a SCADA system was the mysterious Stuxnet virus, which crippled the Iranian nuclear reactor at Bushehr.
As vehicles become more hi-tech and are increasingly connected to the Internet or the cellular grid, it will become easier for thieves to break into vehicles using laptops to hack into the integrated in-vehicle technology. Engineers are hard at work to implement security protocols to minimize a device’s exposure to outside threats. One problem is that devices connected to the phone network cannot be easily “firewalled” from potential attackers as can Internet-enabled systems.
Last year, an earlier independent study similarly showed how automotive software is as vulnerable to malicious hackers as the average PC. The report entitled, “Experimental Security Analysis of a Modern Automobile,” was presented in May 2010 at the IEEE Symposium on Security and Privacy by a team from the University of Washington and the University of California, San Diego. The research paper demonstrated how a sophisticated hacker could wreak havoc on a vehicle by manipulating the in-vehicle computer network or remotely accessing it via its wireless connectivity to the Web.
For example, by accessing the various electronic control modules (ECM), including the engine control module, the researchers were able to manipulate the fuel level gauge, falsify the speedometer reading, display arbitrary dashboard messages, dial up the heat or A/C, lock passengers in the car, continuously blare the horn, pop the hood, turn off the lights, activate the windshield wipers, disable the brakes, selectively brake individual wheels on demand, and stop the engine. In addition, after deploying these malicious software commands, the team successfully erased any evidence of tampering.
As vehicle connectivity increases and cars are increasingly connected to cell grids and the Internet, vehicles will be increasingly vulnerable to hacking, in ways we never imagined. A new generation of “cyber-crooks” will emerge who can potentially send malicious messages to trigger actions for nefarious purposes.
The challenge for OEMs will be identifying these threats before they occur, but it is becoming increasingly apparent that we are entering a brave new world of automotive fleet management.
Let me know what you think.
Originally posted on Automotive Fleet