Friday, August 26, 2011

Hacking Cars

Imagine how scary it would be to be inside a car that was under the control of someone outside the vehicle, who could make it do whatever he wanted, even drive you off a cliff. Nervous yet?
An interesting viral Web video making the rounds since the Black Hat cybersecurity conference earlier this month depicts two researchers from iSEC Partners (a San Francisco-based security firm) breaking into a 1998 Subaru Outback via their PC. In less than 60 seconds, they wirelessly find the car’s security system module, bypass it and start the engine remotely.

iSEC researchers Don Bailey and Mat Solnik claim to be able to hack their way into a securely locked car because its alarm relies on a cell phone or satellite network that can receive commands via text messaging. Devices connecting via a cellular or satellite network are assigned the equivalent of a phone number or Web address. If hackers can figure out the number or address for a particular car, they could use a PC to send commands via text messages that instruct the car to disarm, unlock and start. . . .

The researchers acknowledge that stealing a particular car would be difficult because you would have to know that car’s number or address, neither of which are easy to find. What bothers them more is that wireless-enabled systems are showing up not just in cars but also in Supervisory Control and Data Acquisition systems that control and secure power plants, water-treatment facilities and other components of the nation’s critical infrastructure.

At the very least this ought to make a great scary movie scene.

No comments: