Posted on: Aug 08, 2011 | 3,005 reads

A Very Expensive Text Message: Hackers Unlock Subaru Using Android

A duo of security researchers from iSec Parnters demonstrate how easy it can be to unlock a Subaru Outback by using text messages.
Hackers have given new definition to the phrase "search engine optimization," this time by hacking into a Subaru and starting the engine using an Android phone. Two security researchers from iSec Partners demonstrated at the Black Hat security conference in Las Vegas that they could unlock a Subaru Outback and start the engine simply by using an Android. Black Hat is a search method that gives hackers or users practicing unethical searches a chance to manipulate the search engines.
One-Off Ferrari SP America Leaked: Possible F12 Ta... Has Mercedes Just Re-Skinned the BMW X6? Porsche GT3 Buyers Unhappy with Recall Compensatio...
The security researchers have given new definition to manipulating the engine, but this time it's not Google, but in fact Subaru, and the engine produces horsepower instead of search results. With the Android, Don Bailey and Matthew Solnik used a technique known as "war texting," which is a method that allowed them to intercept the password authentication messages between the server and the car. You would think a process like this would take months or years to master, but it only took them a couple of hours to unlock the Outback.
A Very Expensive Text Message: Hackers Unlock Subaru Using Android
The pair also said that their technique could be used to attack plenty of other systems including traffic control systems and security cameras that receive firmware updates via text messages. This same method can also be used to attack SCADA sensors, which would disrupt the power grid and water supply. Bailey said that he could care less about unlocking a car door but stated that the real threat was with the phone, power and traffic systems. Neither of the guys would go into detail about the hack nor admit which cars are vulnerable until the manufacturers have had a chance to correct the issues.
Several major automakers such as BMW, GM and Mercedes all offer similar remote-control apps. This experiment was not the first time security researchers have played around at controlling cars remotely. In May of 2010, a team from the University of Washington exploited a diagnostic computer system known as the Controller Area Network to operate car locks remotely and disable their brakes. We can only hope that if you Google Subaru Outback security, these guys won't be on top of the search results.
A Very Expensive Text Message: Hackers Unlock Subaru Using Android

31 comments - view full discussion
Related cars: