Vehicle Remote Starting and Door Unlocking Can be Hacked
Recently, a security systems consultant demonstrated that the technology used to link a car to a smart phone can be hacked to gain control of these vehicle functions. The demonstration showed that the wireless communication protocols between a server and a vehicle can be intercepted allowing a hacker to “reverse engineer” the encrypted software protocols. Once the software protocols are replicated, a hacker can maliciously communicate with a vehicle to unlock doors or start the engine.
Most of us have seen the commercials of customers’ remotely unlocking car doors or remotely starting an engine using their smart phone while sitting on a plane or even in another country. These mobile applications involve using a smart phone to connect to a server, which then sends encrypted numerical keys to the car to authenticate itself and trigger one of these functions.
Recently, a security systems consultant demonstrated that the technology used to link a car to a smart phone can be hacked to gain control of these vehicle functions using a laptop computer. The demonstration showed that the wireless communication protocols between a server and a vehicle can be intercepted allowing a hacker to “reverse engineer” the encrypted software protocols. Once the software protocols are replicated, a hacker can maliciously communicate with a vehicle to unlock doors or start the engine.
Ad Loading...
The security systems consultant – Don A. Bailey – works for the security company iSec Partners, Inc. (www.isecpartners.com). On Aug. 3, he gave a presentation entitled, “War Texting: Identifying and Interacting with Devices on the Telephone Network,” at the Black Hat USA, a conference of security professionals, which was held in Las Vegas. The Black Hat USA conference featured 50 technical security presentations discussing software and system vulnerabilities. The presentation given by Bailey demonstrated mobile-networking vulnerabilities in automobiles that would allow an attacker to surreptitiously capture the software protocols used to remotely control vehicle functions, such as unlocking doors or starting an engine. This was achieved by intercepting wireless communications between a car and a server, then reverse engineering the software protocols. This is a technically complex procedure, which Bailey referred to as “war texting.” The term “war texting” is a take-off on another hacking technique called “war driving,” which involves driving around a city capturing data being transmitted on wireless networks.
Bailey said he and his fellow researcher Mat Solnik successfully hacked two vehicles, but did not reveal complete technical details in order to allow the OEMs to develop a “patch.” The purpose was to show it is possible to hack a vehicle and to demonstrate how an experienced hacker could do so relatively quickly. The researchers stated they were able to hack (or reverse engineer) the protocols in about two hours. At the conference, Bailey revealed that a Subaru Outback was “hacked” to unlock its doors and start the engine. An ad hoc GSM (global system for mobile communications) network was set up. By posing as an authorized server, the researchers were able to send rogue commands via a laptop computer and communicate directly with the in-car system. (To view a demonstration of “war texting,” you can view the video below.)
A Problem that Goes Beyond Automobiles
War texting isn’t restricted to automobiles. There are numerous devices that are accessible via the telephone network. These devices receive control messages over the telephone network in the form of text messages (SMS) or GPRS (general packet radio service) data to trigger specific actions.
During the presentation, Bailey stated the same methodology could be used to control similar systems used in traffic signals, security cameras, and power grids. Some industrial control systems rely on GSM networks to send and receive commands. For instance, cellular networks are utilized by SCADA (supervisory control and data acquisition) systems that monitor and control industrial infrastructure or facility-based processes, such as by controlling valves and gears. A recent example of malicious mal-ware directed at a SCADA system was the mysterious Stuxnet virus, which crippled the Iranian nuclear reactor at Bushehr.
As vehicles become more hi-tech and are increasingly connected to the Internet or the cellular grid, it will become easier for thieves to break into vehicles using laptops to hack into the integrated in-vehicle technology. Engineers are hard at work to implement security protocols to minimize a device’s exposure to outside threats. One problem is that devices connected to the phone network cannot be easily “firewalled” from potential attackers as can Internet-enabled systems.
Ad Loading...
Last year, an earlier independent study similarly showed how automotive software is as vulnerable to malicious hackers as the average PC. The report entitled, “Experimental Security Analysis of a Modern Automobile,” was presented in May 2010 at the IEEE Symposium on Security and Privacy by a team from the University of Washington and the University of California, San Diego. The research paper demonstrated how a sophisticated hacker could wreak havoc on a vehicle by manipulating the in-vehicle computer network or remotely accessing it via its wireless connectivity to the Web.
For example, by accessing the various electronic control modules (ECM) or engine control module, the researchers were able to manipulate the fuel level gauge, falsify the speedometer reading, display arbitrary dashboard messages, dial-up the heat or A/C, lock passengers in the car, continuously blare the horn, pop the hood, turn off the lights, activate the wind-shield wipers, disable the brakes, selectively brake individual wheels on demand, and stop the engine. In addition, after deploying these malicious software commands, the team successfully erased any evidence of tampering.
As vehicle connectivity increases and cars are increasingly connected to cell grids and the Internet, vehicles will be increasingly vulnerable to hacking, in ways we never imagined. A new generation of “cyber-crooks” will emerge who can potentially send malicious messages to trigger actions for nefarious purposes.
The challenge for OEMs will be identifying these threats be-fore they occur, but it is becoming increasingly apparent that we are entering a brave new world of automotive fleet management.
During this period of ongoing supply constraints, the trust that fleet managers had with OEMs, upfitters, and dealers has been strained. Fleet managers say they have had too many experiences over the past three years coping with erroneous information, adjusting to multiple price increases, and feeling betrayed by inadequate transparency from suppliers.
The ongoing difficulty in sourcing replacement vehicles is forcing companies to extend the service lives of vehicles that are unable to be replaced, which, inevitably, increases unscheduled maintenance expenses.
Fleet simplification identifies asset functions to uncover commonality among the equipment and assets. Simplification increases operational efficiency as end-users become accustomed to the controls, displays, and operation of less diverse units.
A fleet policy is a living document, flexible enough to adapt to evolving business priorities, developing industry trends, and changing industry best practices and standards.
Corporate procurement staff are often driven by short-term, immediate cost reductions. However, a longer perspective to soft cost savings is critical because fixating on short-term results will hurt a company in the long run.
Fleet data analysis can identify recurring downtime issues. It’s important to determine the root causes of downtime so procedures can be developed to minimize such problems.
Vehicle weight relates directly to fuel economy. In today’s era of electrification, there is also a direct correlation between vehicle weight and battery range.
The line between creative thinking and problem solving and doing what the data indicates is thin. To lead in fleet management, you need to balance understanding the fundamentals and embracing what smart technology offers.
