Hackers break into a Subaru Outback using nothing but a smartphone.
Today’s cars are loaded with digital technology, from the engine controllers that maximize mileage while reducing emissions, to their increasingly popular multi-function infotainment systems. But have these silicon-based devices also made our cars increasingly vulnerable to high-tech thieves?
That’s the chilling message delivered by two researchers who appeared at the Black Hat Conference, an annual gathering of hackers and security pros in Las Vegas, this last week. Using nothing but an Android smartphone and some creative programming, they were able to not only unlock a Subaru Outback but start up its engine.
“I could care less if I could unlock a car door. It’s cool. It’s sexy,” Don Bailey, a senior security consultant with iSEC Partners and one of the pros who hacked the car, told CNN. “But the same system is used to control phone, power, traffic systems. I think that’s the real threat.”
To pull off their experiment, Bailey and his partner used a technique called “war texting” to intercept the password used by the car they hijacked. That’s not supposed to be possible, according to auto industry officials who – not surprisingly – have tried to ease consumer concerns that the increasing reliance on remote key fobs and other digital gizmos might pose a threat to safety and security.
Luckily, the two hackers are not part of an organized theft ring; they said they would not release information on how they got into the Subaru until the maker – and others – institute additional security measures.
But their efforts clearly are unnerving industry officials – and others, especially in the wake of steadily increased hacking efforts. A new report indicates that 100s of government and business computers have been attacked recently, ZNET.com describing the campaign as a sort of “digital Pearl Harbor” akin to electronic war. Another loose-knit group of hackers, this past weekend, revealed it had tapped into dozens of law enforcement servers in the U.S., posting personal e-mails and other data that, in some cases, could compromise ongoing criminal investigations.
Car thieves have, in recent years, watched as high-tech systems, such as OnStar and various stolen vehicle recovery systems and electronic immobilizers, have made it more and more difficult to steal the newest cars. Theft rates have steadily gone down, as TheDetroitBureau.com has reported, and the most popular vehicles for thieves are now some of the oldest models on the road – such as the 1994 Honda Accord and ’95 Civic.
(For more on the most frequently stolen cars, Click Here.)
But the demonstration at the Black Hat Conference presents the possibility that tomorrow’s car thieves will trade their key blanks and crowbars for keyboards and smartphones, gaining access to the newest models that haven’t been properly programmed to prevent hackers from gaining access.