The convenience offered by mobile apps for unlocking car doors and remotely starting their engines is also a weakness, as two hackers will demonstrate at the upcoming Black Hat conference in Las Vegas. Researchers Don Bailey and Mathew Solnik managed to use a laptop to hack the mobile app connection in two different car brands.
The researchers discovered that, when a user pushed the unlock or remote engine start buttons on the app, the phone sends a signal to a service center, which then sends a signal to the car telling it what to do. The researchers intercepted and duplicated the signal sent to the car, afterwards using it to repeat the function.
Although the researchers have not revealed the types of cars they hacked, GM and Mercedes-Benz have been the first to market with smartphone apps that offer these functions. The mobile app itself is not central to this hack, as the service center would send the same remote unlock or start code to the car if an owner were to call and request that function.
The researchers vowed not to reveal their exact method until the automakers have time to fix the security hole. GM's telematics service, the app provider, is OnStar, a GM division, but Mercedes-Benz contracts Hughes Telematics.
(Source: Network World)