SAN FRANCISCO (AP) — Texting and driving don’t go well together –
though not in the way you might think.
Computer hackers can force some cars to unlock their doors and
start their engines without a key by sending specially crafted
messages to a car’s anti-theft system. They can also snoop at where
you’ve been by tapping the car’s GPS system.
That is possible because car alarms, GPS systems and other devices
are increasingly connected to cellular telephone networks and thus
can receive commands through text messaging. That capability allows
owners to change settings on devices remotely, but it also gives
hackers a way in.
Researchers from iSEC Partners recently demonstrated such an attack
on a Subaru Outback equipped with a vulnerable alarm system, which
wasn’t identified. With a laptop perched on the hood, they sent the
Subaru’s alarm system commands to unlock the doors and start the
engine.
Their findings show that text messaging is no longer limited to
short notes telling friends you’re running late or asking if
they’re free for dinner.
Texts are a powerful means of attack because the devices that
receive them generally cannot refuse texts and the commands encoded
in them. Users can’t block texts; only operators of the phone
networks can.
These devices are assigned phone numbers just like fax machines. So
if you can find the secret phone number attached to a particular
device, you can throw it off by sending your own commands through
text messaging.
Although these numbers are only supposed to be known by the
devices’ operators, they aren’t impossible to find. Certain
network-administration programs allow technicians to probe networks
to see what kinds of devices are on them. Based on the format of
the responses, the type and even model of the device can be
deduced. Hackers can use that information to craft attacks against
devices they know are vulnerable. (In this case, the researchers
bypassed these steps and simply took the alarm system out of the
car to identify the secret phone number.)
Actually stealing a car wouldn’t be so easy.
You’d have to ensure that the phone number you found is attached to
the car you’re standing in front of, for instance. There are
hacking tools to do that – they listen for cellular traffic around
a particular vehicle – but in many cases it’s easier to take a car
that doesn’t have an alarm.
The research from Don Bailey and Mat Solnik is unsettling because
it shows that such attacks are possible on a variety of other
devices that use wireless communications chips. Those include ATMs,
medical devices and even traffic lights. Hackers have already sent
specially crafted texts with commands to instantly disconnect
iPhones from the cellular network.
Bailey, whose specialty is cellphone network security, also found
that similar techniques can be used to get a certain type of GPS
system to cough up its location data. Such information can be used
by stalkers or home burglars, for instance.
The type of GPS system he studied is known as assisted GPS, which
means that it uses cellular signals in addition to the usual
satellite signals. That makes the system vulnerable.
The research isn’t just about taking off with someone else’s car or
finding out where that person has been.
It raises the possibility of other, more sinister dangers, such as
those potentially affecting braking and acceleration, said Scott
Borg, director of the U.S. Cyber Consequences Unit, a group that
studies hacking threats. That becomes possible as networked
electronics are more tightly coupled with physical
machinery.
“Doing one that is harmful is quite hard, but we need to prepare
for people doing that,” Borg said.
The research got the attention of a trade group for electric
utilities, the North American Electric Reliability Corp. After the
pair showed off the techniques at the Black Hat security conference
in Las Vegas this month, the group warned that the types of
wireless chips exploited by the pair are also used at power plants
and said that more caution is needed in their use.
The vulnerable GPS system was made by Zoombak Inc., which promotes
its products’ usefulness in tracking children and automobiles. The
company said it has made changes to its devices, so that outside
parties can no longer get location data without
passwords.
Bailey and Solnik are working with the manufacturer of the car
alarm system to fix its vulnerabilities. Bailey said the
unidentified manufacturer has fixed many of the security
issues.
Bailey said stricter security standards are needed.
“We’re so excited to use technology that we’re deploying it too
quickly and not really thinking about the impact of security,” he
said.
—
Online:
Video demonstration of attack: http://bit.ly/n6axTv

© 2011 The Associated Press may not be published, broadcast, rewritten or redistributed.