[2010 LTZ]

Two hackers have found a way to unlock cars that use remote control and telemetry systems like BMW Assist, GM OnStar, Ford Sync, and Hyundai Blue Link.

Don Bailey and Mathew Solnik, both employees of iSEC say that the systems that communicate with the automaker’s remote servers via mobile networks like GSM and CDMA can be hacked. The pair are about to deliver their findings at next week’s Black Hat USA conference in Las Vegas in a briefing entitled “War Texting: Identifying and Interacting with Devices on the Telephone Network.”

They will not give out too many details of the attack won’t be disclosed until the affected manufacturers have had a chance to fix their systems. What they do is creating their own GSM network using off-the-shelf parts and sniffing the traffic sent between car and server. While the cars use a proprietary protocol it is not difficult to reverse engineer and send control messages from a laptop to the car to disable the alarm and unlock the doors.

What will GM do? :banghead:

Source http://www.fudzilla.com/home/item/23572-hackers-can-unlock-your-car

 

[fourmoremarine]

What will GM do? :banghead:

Source http://www.fudzilla.com/home/item/23572-hackers-can-unlock-your-car

Keys and knobs worked before....

 

[RIT333]

What will GM do? :banghead:

Source http://www.fudzilla.com/home/item/23572-hackers-can-unlock-your-car

probably same strategy as the 4-cyl engine noise. they will ignore it, and hopefully it will go away !

:banghead:

 

[sumr616]

Anybody with a screwdriver can unlock your car as well, and destroy your door lock so that any key unlocks it. Jam the screwdriver into the lock, done. Not all car alarms would go off by this either. Seen people do it...and then watched them get chased down by the cops because it was a bait car.

 

[gmiemigrad]

Source http://www.fudzilla.com/home/item/23572-hackers-can-unlock-your-car

Couple of comments.

First - They can't drive your car away by doing this. They can start it but that is all. You still have to have the key to drive it since they are not overiding the vehicle anti-theft system (PassKey), just the remote start and lock/unlock app.

Second - since they haven't released the technique or technology - we do not know the extent at which this can be perfomed. When an issue like this came up before - the hackers had to actually be near the vahicle to know who's car and cell phone was being used and then intercept the communication to get the security information. Can these guys go to any car and just overide the system randomnly??? Unless they can do that - the risk is pretty low. Note that the article says they have to "sniff" the communications traffic between the car and server.

Third - just like sumr616 said - screwdriver or slide hammer works just fine to pop a lock in seconds (I know - I have experienced this on a previous vehicle). Let's face it - most of the people who want to break into your car and steal something are common thieves, kids, and people looking for drug money. They are not going to have the technology to make this work, and someone who might have the technology would get a much bigger take breaking into something other than a car that may not have anything valuable in it. BTW - smashing a window works well too since by the time someone hears it and the police get there - the person is long gone.

Fourth - Most thefts are crimes of opportunity. Most break ins are not break ins - they are people who leave their car unlocked anyways. 99% of the thefts out of vehicles where I live are unlocked cars with Ipods, laptops, etc. in them. If you are dumb enough to leave an item of value in your car in plain sight - you deserve to lose it.

Fifth - is somone really going to go around randomnly trying to unlock cars and risk getting caught trying to find a car with something worth stealing in it? Keep valuables out of sight and they will move on to a vehicle that is a better target.

 

[rbarrios]

well if they are able to remote start your car--
it will run.

The thiefs most likely would not have your keys or FOB...

But have you seen what happens to a remote started car that is running and one of the doors is opened WITHOUT a key/ and or FOB
It shuts down and displays this.
(on my 2010 Traverse)

 

[Old Salt]

well if they are able to remote start your car--
it will run.

However, without the key in the ignition, and turned, the gear selector will not move, and the car will shut down after 10 minutes of idling. It can be remotely re-started once more only, until the key is inserted and turned.

 

[sumr616]

well if they are able to remote start your car--
it will run.

The thiefs most likely would not have your keys or FOB...

But have you seen what happens to a remote started car that is running and one of the doors is opened WITHOUT a key/ and or FOB
It shuts down and displays this.
(on my 2010 Traverse)

Ha- that also shows up when you lock the car from the inside, and open the door to get out 10 minutes later. ...Yea, that happened... alarm went off, and once I started it back up, that message displayed.

 

[gmiemigrad]

well if they are able to remote start your car--
it will run.
The thiefs most likely would not have your keys or FOB...
But have you seen what happens to a remote started car that is running and one of the doors is opened WITHOUT a key/ and or FOB
It shuts down and displays this.
(on my 2010 Traverse)

Yes - it will run but they can't drive it away without hacking the PassKey system and/or peeling the column (that was really easy on older pre-2000 GM cars)

BTW - if they can remote start it they can also remote unlock it. You would be able to get into the car without that message - but then what??

I think this is a bigger hype (it is all over the media) than a serious problem. The fix might be to take away all communications so they can't be intercepted which would render all of that great technology (OnStar RemoteLink, Ford Sync, etc.) useless.

 

[Tdog]

Yes - it will run but they can't drive it away without hacking the PassKey system and/or peeling the column (that was really easy on older pre-2000 GM cars)

BTW - if they can remote start it they can also remote unlock it. You would be able to get into the car without that message - but then what??

I think this is a bigger hype (it is all over the media) than a serious problem. The fix might be to take away all communications so they can't be intercepted which would render all of that great technology (OnStar RemoteLink, Ford Sync, etc.) useless.

I agree that the hype is bigger than the problem. As already pointed out, it takes a good bit of technology within the right proximity to sniff out the information, and isn't that why the key has to be put in the ignition and turned on before the vehicle can be shifted out of Park? So just like in the olden days: Key required unless a serious thief really wants it, in which case they probably would steal it the old fashioned way anyhow.

 

[SlayerX11]

Anybody with a screwdriver can unlock your car as well, and destroy your door lock so that any key unlocks it. Jam the screwdriver into the lock, done. Not all car alarms would go off by this either. Seen people do it...and then watched them get chased down by the cops because it was a bait car.

That's got to have been funny as hell to watch.

 

[sumr616]

That's got to have been funny as hell to watch.

Oh yea, it was. It happened at work- best.work.day.ever. I worked at an Academy (sports & outdoors store) a few years ago, there was a problem with people driving up to our town from Houston and in the span of about an hour they would go to Academy, a gym, and the mall and hit as many cars as they could, steal what they could grab, and leave town as fast as possible. Cue the bait car. I happened to be the door greeter that day. There were two guys arrested. One ran about a mile away, through a few people's backyards and eventually got too tired. (throw in 100 degree heat and it doesn't take long) The other guy was in the "getaway" car, spikes were thrown, he kept driving for about a block. Very dramatic. Like an episode of Cops! But yea, we could see it happen on the store cameras (after the fact) when they would come through, they were in and out of the parking lot in about 3 minutes, breaking into 2 cars. Fast.

But it doesn't always have to be something valuable in plain sight. My sisters car was broken into once, all they took was her stereo face plate (but not the actual stereo) and fifty cents, which was all the change she had in her car. Unfortunately, sometimes people are that desperate.

 

[gmiemigrad]

When they broke into mine (long time ago - college days) - they took the cheap stereo I had in the car. Unfortunately, the cost to repair the door skin (from the popped lock) and the broken dash panel was about $1,000 - for a $50 stereo.

Another experience was with a company car - 1995 Caprice. I had stayed overnight at the Marriott Courtyard in Ann Arbor by the mall. When I got into the car - I couldn't figure out why the instrument cluster was lit up (digital speedo). Then I realized they had peeled the steering column and tried to steal the car - but the PassKey antitheft kept them from starting it. They took the stereo instead. Couldn't drive the car because the ingnition cylinder was broken. The thieves hit 6 cars that night in the parking lot - the last one they actually drove away in. A couple were smashed windows. The hotel had a security guard - my bet was he was sleeping or in on it.

P.S. - that Caprice was the car from hell - before the attempted theft - on two separate trips I had a tire blowout on I-75 in downtown Detroit (keep in mind this car had less than 2,000 miles on it). Lots of fun changing tires along the side of a busy highway. Then on a third trip ended up with broken windshield from debris on I-75 thrown up from a truck. After the attempted theft - I refused to drive that particular car again.