Security Firm Hacks A Car With A Text
MELISSA BLOCK, host: From NPR News, this is ALL THINGS CONSIDERED. I'm Melissa Block.
ROBERT SIEGEL, host: And I'm Robert Siegel. It's now time for All Tech Considered.
(SOUNDBITE OF MUSIC)
SIEGEL: We've all heard about people hacking websites, cell phones at company databases. Well, now drivers beware, it is also possible to hack into a car.
Driving and texting just got a little more interesting. Two researchers at the security firm iSEC Partners recently demonstrated unlocking the doors of a car by overriding its alarm system and starting the engine all by sending the car a text message.
Matthew Solnik is one of those researchers at iSEC and he joins me now from San Francisco. Welcome to the program.
MATTHEW SOLNIK: Thank you.
SIEGEL: And first, explain to us how can you hack into a car by sending a text message.
SOLNIK: Well, these cars are connected to the M2M, which is the machine-to-machine GSM cell phone network. And with that, they can be communicated with over that network. By sending certain commands, we are able to then unlock the doors, start the car and things like that.
SIEGEL: Drive the car, move it?
SOLNIK: There are cars coming out that do have remote drive capabilities, but we have not played with them yet.
SIEGEL: Now, we're not talking about somebody's 1971 Dodge Dart out there. You're talking about cars that are equipped with technology that you are, in effect, turning against the car here.
SOLNIK: Correct. The cars have to be equipped with more or less a cellular modem, something that allows them to connect to the cell networks.
SIEGEL: But by sending a text message, you're communicating to a car. Cars have telephone numbers, you're saying.
SOLNIK: Correct, yes. A lot of vehicles have telephone numbers now. You know, it's not advertised but that's how they communicate with the kind of home office per se, of, you know, like OnStar or Ford SYNC.
The features that they bring are pretty amazing, you know, being able to contact the police if you're in an accident, or have someone remotely unlock your car if you leave your keys in it. These are amazing features. We just want to make sure that they are implemented properly and securely.
SIEGEL: Now, you and your colleague at iSEC were doing this to demonstrate a vulnerability and to help, I guess in this case, manufacturers of cars and car components protect against such things. But what are the implications beyond car theft of what you've demonstrated here?
SOLNIK: Well, we did the cars to show a proof of concept, to show that it could be done. The bigger issue is the same chipsets are used across the board in manufacturing, in power grids, water treatment centers - all with the same kind of vulnerabilities.
SIEGEL: The car that you're actually start on the video that I watched online, you had actually added up-to-date equipment so that you could do this to it. Could that equipment have been encrypted in some way so it would have kept you out?
SOLNIK: Yes. Yes. The manufacturers have actually been very good since we started contacting them about fixing the issues, you know. The problem is a lot of these chipsets were designed to be easy to use, both on the manufacturer side but that also means that it's easy to use from an attacker's point of view.
SIEGEL: Well, Mathews Solnik, thanks a lot for talking with us about this.
SOLNIK: Thank you so much, Robert.
SIEGEL: Mat Solnik is a researcher and consultant at the security firm iSEC Partners in San Francisco. On the topic of vulnerabilities in the power grid, he told us that his company has had extensive discussions with the Department of Homeland Security.
NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR’s programming is the audio.