Discover Yahoo! With Your Friends

Explore news, videos, and much more based on what your friends are reading and watching. Publish your own activity and retain full control.

To get started, first

YOUR FRIENDS' ACTIVITY

    Texting, grand theft auto style; alarms pose risk

    By JORDAN ROBERTSON - AP Technology Writer | AP – Fri, Aug 19, 2011

    SAN FRANCISCO (AP) — Texting and driving don't go well together — though not in the way you might think.

    Computer hackers can force some cars to unlock their doors and start their engines without a key by sending specially crafted messages to a car's anti-theft system. They can also snoop at where you've been by tapping the car's GPS system.

    That is possible because car alarms, GPS systems and other devices are increasingly connected to cellular telephone networks and thus can receive commands through text messaging. That capability allows owners to change settings on devices remotely, but it also gives hackers a way in.

    Researchers from iSEC Partners recently demonstrated such an attack on a Subaru Outback equipped with a vulnerable alarm system, which wasn't identified. With a laptop perched on the hood, they sent the Subaru's alarm system commands to unlock the doors and start the engine.

    Their findings show that text messaging is no longer limited to short notes telling friends you're running late or asking if they're free for dinner.

    Texts are a powerful means of attack because the devices that receive them generally cannot refuse texts and the commands encoded in them. Users can't block texts; only operators of the phone networks can.

    These devices are assigned phone numbers just like fax machines. So if you can find the secret phone number attached to a particular device, you can throw it off by sending your own commands through text messaging.

    Although these numbers are only supposed to be known by the devices' operators, they aren't impossible to find. Certain network-administration programs allow technicians to probe networks to see what kinds of devices are on them. Based on the format of the responses, the type and even model of the device can be deduced. Hackers can use that information to craft attacks against devices they know are vulnerable. (In this case, the researchers bypassed these steps and simply took the alarm system out of the car to identify the secret phone number.)

    Actually stealing a car wouldn't be so easy.

    You'd have to ensure that the phone number you found is attached to the car you're standing in front of, for instance. There are hacking tools to do that — they listen for cellular traffic around a particular vehicle — but in many cases it's easier to take a car that doesn't have an alarm.

    The research from Don Bailey and Mat Solnik is unsettling because it shows that such attacks are possible on a variety of other devices that use wireless communications chips. Those include ATMs, medical devices and even traffic lights. Hackers have already sent specially crafted texts with commands to instantly disconnect iPhones from the cellular network.

    Bailey, whose specialty is cellphone network security, also found that similar techniques can be used to get a certain type of GPS system to cough up its location data. Such information can be used by stalkers or home burglars, for instance.

    The type of GPS system he studied is known as assisted GPS, which means that it uses cellular signals in addition to the usual satellite signals. That makes the system vulnerable.

    The research isn't just about taking off with someone else's car or finding out where that person has been.

    It raises the possibility of other, more sinister dangers, such as those potentially affecting braking and acceleration, said Scott Borg, director of the U.S. Cyber Consequences Unit, a group that studies hacking threats. That becomes possible as networked electronics are more tightly coupled with physical machinery.

    "Doing one that is harmful is quite hard, but we need to prepare for people doing that," Borg said.

    The research got the attention of a trade group for electric utilities, the North American Electric Reliability Corp. After the pair showed off the techniques at the Black Hat security conference in Las Vegas this month, the group warned that the types of wireless chips exploited by the pair are also used at power plants and said that more caution is needed in their use.

    The vulnerable GPS system was made by Zoombak Inc., which promotes its products' usefulness in tracking children and automobiles. The company said it has made changes to its devices, so that outside parties can no longer get location data without passwords.

    Bailey and Solnik are working with the manufacturer of the car alarm system to fix its vulnerabilities. Bailey said the unidentified manufacturer has fixed many of the security issues.

    Bailey said stricter security standards are needed.

    "We're so excited to use technology that we're deploying it too quickly and not really thinking about the impact of security," he said.

    ___

    Online:

    Video demonstration of attack: http://bit.ly/n6axTv

     

    56 comments

    • Kulahptik
      Kulahptik  •  9 mths ago
      Lol, "It raises the possibility of other, more sinister dangers, such as those potentially affecting braking and acceleration" which would not have been a problem at all if the automakers did not start using "fly by wire" systems. bring back the throttle cable and manual brakes, they work and feel better anyway and we have 100 year old working examples of those kind. but then the government wouldn't be able to turn off our vehicles with a button so i guess we need to just live with the fact putting our lives at risk is an acceptable cost for their control.
    • phoenix
      phoenix  •  9 mths ago
      all the more reason to make cell phones act more like the computers they really are. don't want a number calling or texting you? give us the option to block it directly! come on, this is 2011...
    • Paul
      Paul  •  9 mths ago
      Gotta love the product placement with the computer....
    • Dave
      Dave  •  9 mths ago
      If some socially retarded hacker has the ability to do this then you know the government does as well. Big Brother is watching you...
    • Grant
      Grant  •  9 mths ago
      Cool.
    • G
      G  •  9 mths ago
      Just pull the fuse(s) for the wireless. Who really needs half of that garbage?
      • K Mac
        K Mac 9 mths ago
        It's a little more complicated than that. Wireless communications in autos also include things such as tire pressure monitoring. Theoretically, any communication path into the system could be exploited via malformed communications packets. This has been proven myriad times in web browsers. The real story here is that auto manufacturers (and their suppliers) have been oblivious to even the most basic security hygiene because they simply don't understand the threat. With so many cars on the road with unknown vulnerabilities, this will get worse before it gets better.
    • R.T. Arcand
      R.T. Arcand  •  9 mths ago
      Well aimed rifle is useful if you realize it's happening. Easier to dump the body than to repair the damage to the car.
    • Jerry
      Jerry  •  9 mths ago
      Try that to a 1909 model T!
    • TexasRox
      TexasRox  •  9 mths ago
      And now you can see another reason why buying a 67 Impala is the best choice for me, hahahahahahahahahahahahahahahahaha I'd like to see that car get hacked or something...
      • Grim Reaper
        Grim Reaper 9 mths ago
        Get a clue Tex. You've never heard of hot wiring? ha ha ha ha
    • Liyao
      Liyao  •  9 mths ago
      Oh Man, Got facebook? they got your data. Got email? they sold your add. Got a smartphone? It tracks you. Got a laptop? They give out your IP address. Got a techie car? It gives out info too. I mean is it just me or there will come a time when toilet paper can ANALyze your stool? What's up with this personal info stuff? And why do people complain about it yet use them at the same time?? And these car alarms safety locks - it WILL NOT matter if someone REALLY wantS to break into your car! Why not bring the wheels inside the office with you or take out the steering wheel or better yet, park beside your office table or work inside your car.
    • Wnt
      Wnt  •  9 mths ago
      Why aren't the consumers standing up to their right not to have a Big Brother car? These stupid spy toys don't offer anything very important, and you'd think _someone_ would stand up for the old American ideals, or at least, saw the new Battlestar Galactica series.
      • Arnold
        Arnold 9 mths ago
        The reason is simple: it's the All-American demand for "convenience", coupled with laziness that keeps these kinds of systems in demand. Nowadays, we won't expend a single ounce more effort than we think we have to. If this means we give up our personal privacy or open ourselves up to mischief as a result of using these systems, well, who cares; at least we don't have to exert ourselves.
      • Grant
        Grant 9 mths ago
        You don't like it? How about don't buy one of those fancy cars. Try buying an economy car. I bet those don't have all of that fancy hackable stuff on them.
    • Wnt
      Wnt  •  9 mths ago
      This article didn't even mention the famous ad slogan, "You talk, Sync listens".
    • Illiteracy_ iz_ kewl
      Illiteracy_ iz_ kewl  •  9 mths ago
      Stupid News. Ever hear of a crowbar ?
    • Paul Paar
      Paul Paar  •  9 mths ago
      idiots
    • Jeremy
      Jeremy  •  9 mths ago
      Hackers are big ol' meanie heads or Asians.
      • D G
        D G 9 mths ago
        and u must b a dumb hick!
      • Lutetia Vollintine
        Lutetia Vollintine 9 mths ago
        Jeremy anybody can be a hacker you ignorant idiotic dimwit.
    • Bryan
      Bryan  •  9 mths ago
      I can text to ATM and get cash out of ATM :)
      • CircutC
        CircutC 9 mths ago
        lol then you have to run over there and grab the money before someone takes it!
    • MMcG
      MMcG  •  9 mths ago
      ..And someone with these skills is gonna be out stealing cars? #$%$ Gimmie a break yahoo! Just because it's possible to do doesn't mean it's happening! Nice fear mongering, though.
    • yahoo user
      yahoo user  •  9 mths ago
      Love how the article mentions a subaru but the pictures show a honda civic.
    • a citizen
      a citizen  •  9 mths ago
      I can reamember when all we had to worry about was keeping our bird and coyote call codes secret from the settlers and army. like two crow calls at midnight meant I am in position to attack the pale face camp. A favorite was 3 coyote howels followed by one owl hoot, That meant attack the ugly pale face camp on next bull frog croak. How times have changed.
    • A Yahoo! User  •  9 mths ago
      I would think the guy placing his laptop on the hood of someones car was trolling for a butt whooping. I also think it's hard to hack a code with Bubba beatin you to a pulp, for scratchin his hood with your laptop. Here's a simple thought to defeat the hackers, disable the wireless entry function and use a key!
     Post a comment
    [ [ [['Connery is an experienced stuntman', 2]], 'http://yhoo.it/KeQd0p', '[Slideshow: See photos taken on the way down]', ' ', '630', ' ', ' ', ], [ [['Connery is an experienced stuntman', 7]], ' http://yhoo.it/KpUoHO', '[Slideshow: Death-defying daredevils]', ' ', '630', ' ', ' ', ], [ [['know that we have confidence in', 3]], 'http://yhoo.it/LqYjAX ', '[Related: The Secret Service guide to Cartagena]', ' ', '630', ' ', ' ', ], [ [['We picked up this other dog and', 5]], 'http://yhoo.it/JUSxvi', '[Related: 8 common dog fears, how to calm them]', ' ', '630', ' ', ' ', ], [ [['accused of running a fake hepatitis B', 5]], 'http://bit.ly/JnoJYN', '[Related: Did WH share raid details with filmmakers?]', ' ', '630', ' ', ' ', ], [ [['accused of running a fake hepatitis B', 3]], 'http://bit.ly/KoKiqJ', '[Factbox: AQAP, al-Qaeda in Yemen]', ' ', '630', ' ', ' ', ], [ [['have my contacts on or glasses', 3]], 'http://abcn.ws/KTE5AZ', '[Related: Should the murder charge be dropped?]', ' ', '630', ' ', ' ', ], [ [['have made this nation great as Sarah Palin', 5]], 'http://yhoo.it/JD7nlD', '[Related: Bristol Palin reality show debuts June 19]', ' ', '630', ' ', ' ', ], [ [['have made this nation great as Sarah Palin', 1]], 'http://bit.ly/JRPFRO', '[Related: McCain adviser who vetted Palin weighs in on VP race]', ' ', '630', ' ', ' ', ], [ [['A JetBlue flight from New York to Las Vegas', 3]], 'http://yhoo.it/GV9zpj', '[Related: View photos of the JetBlue plane in Amarillo]', ' ', '630', ' ', ' ', ], [ [['the 28-year-old neighborhood watchman who shot and killed', 15]], 'http://news.yahoo.com/photos/white-house-stays-out-of-teen-s-killing-slideshow/', 'Click image to see more photos', 'http://l.yimg.com/cv/ip/ap/default/120411/martinzimmermen.jpg', '630', ' ', 'AP', ], [ [['Titanic', 7]], 'http://news.yahoo.com/titanic-anniversary/', ' ', 'http://l.yimg.com/a/p/us/news/editorial/b/4e/b4e5ad9f00b5dfeeec2226d53e173569.jpeg', '550', ' ', ' ', ], [ [['He was in shock and still strapped to his seat', 6]], 'http://news.yahoo.com/photos/navy-jet-crashes-in-virginia-slideshow/', 'Click image to see more photos', 'http://l.yimg.com/cv/ip/ap/default/120406/jet_ap.jpg', '630', ' ', 'AP', ], [ [['xxxxxxxxxxxx', 11]], 'http://news.yahoo.com/photos/russian-grannies-win-bid-to-sing-at-eurovision-1331223625-slideshow/', 'Click image to see more photos', 'http://l.yimg.com/a/p/us/news/editorial/1/56/156d92f2760dcd3e75bcd649a8b85fcf.jpeg', '500', ' ', 'AP', ] ]
    [ [ [['did not go as far his colleague', 8]], '29438204', '0' ], [ [[' the 28-year-old neighborhood watchman who shot and killed', 4]], '28924649', '0' ], [ [['because I know God protects me', 14], ['Brian Snow was at a nearby credit union', 5]], '28811216', '0' ], [ [['The state news agency RIA-Novosti quoted Rosaviatsiya', 6]], '28805461', '0' ], [ [['measure all but certain to fail in the face of bipartisan', 4]], '28771014', '0' ], [ [['matter what you do in this case', 5]], '28759848', '0' ], [ [['presume laws are constitutional', 7]], '28747556', '0' ], [ [['has destroyed 15 to 25 houses', 7]], '28744868', '0' ], [ [['short answer is yes', 7]], '28746030', '0' ], [ [['opportunity to tell the real story', 7]], '28731764', '0' ], [ [['entirely respectable way to put off the searing constitutional controversy', 7]], '28723797', '0' ], [ [['point of my campaign is that big ideas matter', 9]], '28712293', '0' ], [ [['As the standoff dragged into a second day', 7]], '28687424', '0' ], [ [['French police stepped up the search', 17]], '28667224', '0' ], [ [['Seeking to elevate his candidacy back to a general', 8]], '28660934', '0' ], [ [['The tragic story of Trayvon Martin', 4]], '28647343', '0' ], [ [['Karzai will get a chance soon to express', 8]], '28630306', '0' ], [ [['powerful storms stretching', 8]], '28493546', '0' ], [ [['basic norm that death is private', 6]], '28413590', '0' ], [ [['songwriter also saw a surge in sales for her debut album', 6]], '28413590', '1', 'Watch music videos from Whitney Houston ', 'on Yahoo! Music', 'http://music.yahoo.com' ], [ [['keyword', 99999999999999999999999]], 'videoID', '1', 'overwrite-pre-description', 'overwrite-link-string', 'overwrite-link-url' ] ]

    News For You

    Loading...