You can add this to the list of things you didn’t know you needed to worry about.
Computer hackers can force some cars to unlock their doors and start their engines without a key by sending specially crafted messages to a car’s anti-theft system. They can also snoop at where you’ve been by tapping the car’s GPS system.
That is possible because car alarms, GPS systems and other devices are increasingly connected to cellular telephone networks and thus can receive commands through text messaging. That capability allows owners to change settings on devices remotely, but it also gives hackers a way in.
Researchers from iSEC Partners recently demonstrated such an attack on a Subaru Outback equipped with a vulnerable alarm system, which wasn’t identified. With a laptop perched on the hood, they sent the Subaru’s alarm system commands to unlock the doors and start the engine.
Sounds scary! But PC World puts it into context.
As the AP article goes on to explain, hackers need a specific phone number to break into an in-car security system. To get that number, they must run a certain kind of network administration program, which can probe for vulnerable security devices by make and model. Then, the thief must get close to the target vehicle and run a hacking tool to see if that car is using a vulnerable security system.
After all that effort, the car’s steering wheel may still be mechanically locked, preventing the hacker from driving away after breaking in. If someone really wants to steal a car, there are plenty of other methods that sound a lot easier. Besides, Bailey and Solnik are already working with the maker of the security system they hacked to plug the holes.
Keep in mind that this high-tech car hack is just a proof of concept, and it’s not the first. In March, researchers described using a Trojan horse on an audio CD to break a car’s defenses. To my knowledge, no car theft epidemic has resulted from either of these methods.
So don’t sweat it too much for now. Two things to add. One, not to get all tinfoil hatty on you, but if this capability exists, it’s the government that’s most likely to figure out how best to capitalize on it. Not because they want to steal your car, but because your car’s GPS can be hacked in similar fashion, and that information could be of interest to them. And two, since the story also mentioned the possibility of hackers messing with a car’s computer-controlled systems, such as the brakes, it’s just a matter of time before this becomes a key plot element in a mystery or thriller novel. As a fan of that genre, I like to keep abreast of the coming attractions.