Hackers use texts to disarm car anti-theft systems

August 20, 2011 at 12:00a.m.

Associated Press

SAN FRANCISCO

Texting and driving don’t go well together — though not in the way you might think.

Computer hackers can force some cars to unlock their doors and start their engines without a key by sending specially crafted messages to a car’s anti-theft system. They can also snoop at where you’ve been by tapping the car’s GPS system.

That is possible because car alarms, GPS systems and other devices increasingly are connected to cellular-telephone networks and thus can receive commands through text messaging. That capability allows owners to change settings on devices remotely, but it also gives hackers a way in.

Researchers from iSEC Partners recently demonstrated such an attack on a Subaru Outback equipped with a vulnerable alarm system, which wasn’t identified. With a laptop perched on the hood, they sent the Subaru’s alarm system commands to unlock the doors and start the engine.

Their findings show that text messaging no longer is limited to short notes telling friends you’re running late or asking if they’re free for dinner.

Texts are a powerful means of attack because the devices that receive them generally cannot refuse texts and the commands encoded in them. Users can’t block texts; only operators of the phone networks can.

These devices are assigned phone numbers just like fax machines. So if you can find the secret phone number attached to a particular device, you can throw it off by sending your own commands through text messaging.

Although these numbers are supposed to be known only by the devices’ operators, they aren’t impossible to find. Certain network-administration programs allow technicians to probe networks to see what kinds of devices are on them.

Based on the format of the responses, the type and even model of the device can be deduced. Hackers can use that information to craft attacks against devices they know are vulnerable. (In this case, the researchers bypassed these steps and simply took the alarm system out of the car to identify the secret phone number.)