Car Theft Achieved Via Text Message -- but Don't Panic

Hackers who discovered the vulnerability are working with the car manufacturer to fix it.

A recent report by the Associated Press paints a frightening picture: Hackers have learned to unlock a car's doors and start its engine simply by sending text messages to the vehicle's security system.

Don Bailey and Mat Solnik, researchers from security firm iSec Partners, demonstrated the attack on a Subaru Outback, using a laptop to send their messages and break into the vehicle. The hack could apply to high-end security systems like OnStar, although Bailey and Solnik wouldn't reveal whose system they cracked.

"Their findings show that text messaging is no longer limited to short notes telling friends you're running late or asking if they're free for dinner," the AP snarks.

Like I said, scary stuff, but in reality, the cause for alarm is practically nil.

As the AP article goes on to explain, hackers need a specific phone number to break into an in-car security system. To get that number, they must run a certain kind of network administration program, which can probe for vulnerable security devices by make and model. Then, the thief must get close to the target vehicle and run a hacking tool to see if that car is using a vulnerable security system.

After all that effort, the car's steering wheel may still be mechanically locked, preventing the hacker from driving away after breaking in. If someone really wants to steal a car, there are plenty of other methods that sound a lot easier. Besides, Bailey and Solnik are already working with the maker of the security system they hacked to plug the holes.

Keep in mind that this high-tech car hack is just a proof of concept, and it's not the first. In March, researchers described using a Trojan horse on an audio CD to break a car's defenses. To my knowledge, no car theft epidemic has resulted from either of these methods.

Bailey and Solnik are more concerned with how their text message hack could be used for more nefarious purposes, such as hacking of ATMs, medical equipment or even power plants. Those are valid concerns, but if your car uses a high end security system, chances are it'll still be there when you get back from the parking lot.

Follow Jared on Facebook and Twitter as well as Today @ PCWorld for even more tech news and commentary.

Copyright © 2011 IDG Communications, Inc.

22 cybersecurity myths organizations need to stop believing in 2022