How to unlock a car with a text message

**Curt James** · 08-03-2011, 08:38 PM

How to unlock a car with a text message

By John D. Sutter, CNN
August 3, 2011

Security expert Don Bailey says the same hack he uses to unlock cars could hit power and water systems.

STORY HIGHLIGHTS

Security expert: Same hack that can unlock cars could threaten industrial, infrastructure systems
The hack attacks device linked into mobile networks -- as more and more things are
Speaker was at Black Hat, an annual conference for hackers and security professionals

Las Vegas (CNN) -- Don Bailey says he can unlock thousands of cars across the United States simply by sending a few texts from his Android phone.

And that's not even the scary part.

Bailey, a senior security consultant with iSEC Partners, said in an interview with CNN at the Black Hat security conference here at Caesars Palace that the same hack he has used to demonstrate unlocking and even starting a car via text message also could be used to attack industrial systems, the power grid and the water system.

"I could care less if I could unlock a car door," he said. "It's cool. It's sexy. But the same system is used to control phone, power, traffic systems. I think that's the real threat."

Bailey would not share details about which cars or which auto systems are vulnerable to the hack that he showed off publicly at the event.

The hack affects many kinds of devices that connect to cellular GSM networks, like the one used by AT&T. As cars and plenty of other stuff -- from pill bottles to trees, he said -- start connecting to cell grids and the Internet, Bailey said they become more vulnerable.

Certain electronic components that accept wireless signals are vulnerable to the hack, he said. Those components are in the cars Bailey said he can unlock remotely.

Again, he would not name which cars have them.

Strangely enough, Oprah Winfrey kinda-sorta inspired this research.
Bailey said he was watching an "Oprah" show about a device called the Zoombak, which the TV host said could be used by parents to track the locations of their kids.

"I heard that and thought, 'Oh dear God no. Please Oprah, no, no no!' " he said in a presentation at Black Hat. "This was my thinking: That's dangerous. That can definitely be owned. Let's own that thing."
In hacker-speak, "own" means to take control of a device.

Once he figured out how to take control of the kid-tracker, Bailey moved on to cars, which he said was more difficult but still not impossible.

"I couldn't just straight-up text message it and be like, 'Gimme yo' datas!' " he said, referring to the car parts. "So it was a little more work."

It's not all doom-and-gloom, though.

Bailey said manufacturers could purchase more expensive parts that would keep these types of hacks from being possible. He thinks industry associations should put out recommendations suggesting this approach, even though cost increases would be "highly significant."

"We have to," he said. "We have to find elegant ways to find that sweet spot between cost and security."

Black Hat is an annual gathering of hackers and security professionals in Las Vegas. Researchers hope that by showing off how to hack certain systems, the computer industry will take steps to make infrastructure and consumers safer.

From http://www.cnn.com/2011/TECH/mobile/08/03/black.hat.war.texting/index.html

**TJTJ** · 08-03-2011, 08:42 PM

Hack The Planet!

All your base are belong to us.

**LAM** · 08-03-2011, 08:58 PM

some security experts we have in charge of those things. phone, power and traffic systems should be kept on private networks w/o remote access.

**maniclion** · 08-03-2011, 09:16 PM

On-Star!

I know that BMWs can be unlocked remotely if you lock your keys in like my gf did with her X6. It had comfort access though, we traded that in since then for a 135 convertible w/o comfort access cause she liked my 1 series more than the X6. It could be the SOS emergency function now that I think about it...

**TJTJ** · 08-03-2011, 09:20 PM

@LAM: I agree but you know shit works. Not until someone does it they wont do anything about it. An example would be like the canal along side the highway. Not until a mother and child run off the road and drown do they decide to put up, what do you call them, guard rails or w/e.

If they dont have to spend the money they wont. Like when PlayStation Network was hacked and shut down. The software needed that would have protected the network would have only cost about 10k.

Plus with the advent of RFID chips, its only going to get crazier.

**LAM** · 08-03-2011, 10:18 PM

Originally Posted by TJTJ

@LAM: I agree but you know shit works. Not until someone does it they wont do anything about it. An example would be like the canal along side the highway. Not until a mother and child run off the road and drown do they decide to put up, what do you call them, guard rails or w/e.

If they dont have to spend the money they wont. Like when PlayStation Network was hacked and shut down. The software needed that would have protected the network would have only cost about 10k.

Plus with the advent of RFID chips, its only going to get crazier.

it's just like wireless (802.11x) ...I keep telling my clients it was not meant for corporate use no matter what they say now. I worked in the very first wifi cert lab in san jose with weca and we designed the test methodology for WiFi. I tell them if you want the public to have Internet access in waiting areas use public access from the local LEC (DSL), cable company, etc. don't tie that shit (WiFi enabled devices) into my network that "was" secure.

Thread: How to unlock a car with a text message

Thread Tools

Display

How to unlock a car with a text message

Similar Threads

SHR # 832 - Book Release: Unlock Your Muscle Gene :: Guest: Ori Hofmekler :: Unlock

A warning from Agent X through text message

Did you guys get a text message yesterday?

Text Message Spam

why unlock razer v3?

Posting Permissions