War texting is a new mobile term and it has nothing to do with Afghanistan or Iraq. This is a new way for thieves to open up a mobile auto control system using their mobile phone.
OnStar Remotelink is a wireless system that advertises; “Connect to your truck anytime, no matter where you are or where it is. All you need is a cell phone signal.”. The convenience of a mobile system like OnStar is gaining the attention of the good guys at the moment. They are hacking things like OnStar to try and show car manufacturers that their systems are not safe. Don Bailey is a man who has been crunching the data behind wireless automotive control systems. He is a part of iSec, a security consulting company with “deep experience in application, infrastructure and mobile security”. Luckily it was Don, and not some other destructive person, who has taken up this project.
Automotive programs like OnStar Remotelink are used to unlock or start a vehicle with the cell networks. The owner of the vehicle sends the command, the cell networks send it to OnStar and Onstar sends the message back to the cell network and finally to the vehicle, which obeys the command. The war texting mentioned above is not a simple process, but not impossible. Don Bailey says that they can reverse-engineer the process, ending up with the tools necessary to send deceptive signals and therefore steal a vehicle.
But Bailey points to more than just vehicles that may have a problem with war texting. So many things are being hooked up to wireless networks these days. Security has been an afterthought for them. Refrigerators, smoke alarms, toasters, microwaves, washing machines are all destined to be “intelligent” thanks to a wireless connection in the near future. Cars and mobile phones are just the start.
As the title says, it took Don Bailey and a friend from iSec, researcher Mathew Solnik, just two hours to break into the wireless network between a car and its control system. The good news is that open source software is available to give heroes like Bailey and Solnick the tools they need to advise companies about mobile automotive app security. The fact that the software is open source makes it cheap to do research on mobile networks. Test networks are easier to set up and progress is faster. Bailey will give a demonstration of his abilities at the Black Hat Conference that is scheduled for Las Vegas at the end of the month.
