Two hackers have found a way to unlock cars that use remote control and telemetry systems like BMW Assist, GM OnStar, Ford Sync, and Hyundai Blue Link.
Don Bailey and Mathew Solnik, both employees of iSEC say that the systems that communicate with the automaker’s remote servers via mobile networks like GSM and CDMA can be hacked. The pair are about to deliver their findings at next week’s Black Hat USA conference in Las Vegas in a briefing entitled “War Texting: Identifying and Interacting with Devices on the Telephone Network.”
They will not give out too many details of the attack won’t be disclosed until the affected manufacturers have had a chance to fix their systems. What they do is creating their own GSM network using off-the-shelf parts and sniffing the traffic sent between car and server. While the cars use a proprietary protocol it is not difficult to reverse engineer and send control messages from a laptop to the car to disable the alarm and unlock the doors.