Blog‎ > ‎

How to unlock and start a car - with a text message

posted 5 Aug 2011, 10:57 by Jamie Condliffe

Thought your shiny new car looked pretty impregnable? Think again. Two researchers have shown that they can unlock a car  - and even start the engine - using a simple text message.

Don Bailey and Matthew Solnik, researchers at iSEC Partners presented their work at the Black Hat 2011 security conference in Las Vegas, explaining how they can use an Android phone to carry out a  technique they've dubbed "war-texting". The new technique relies on intercepting text messages, which many devices use to send commands or even firmware (permanent software programmed into a read-only memory) updates.

By setting up a local GSM network in the vicinity of a Subaru Outback, the team were able to intercept password authentication messages sent between the electronic key fob and the vehicle. What happens next is not exactly known, because the researchers haven't divulged all their secrets as a courtesy to the manufacturer. 

However, what we do know is that intercepting those authentication messages allowed the team to understand the basic commands required to communicate with the security system of the car. Once they knew those details, they were able to send their own messages to the system in order to reverse-engineer the firmware - effectively learning how the entire device works. 

From there, they could work out which commands were useful, and write their own messages to send that could unlock - and even start the engine of - the car. The whole process took them just a matter of hours. The team haven't gone into detail about which other cars might share these vulnerabilities, but the communication devices built into the vehicle are generic items - so the chances are that the problem could be widespread.