Want CNET to notify you of price drops and the latest stories?

Remote unlock and start for cars hacked

Network World reports that researchers Don Bailey and Mathew Solnik will demonstrate hacking the remote unlock and start functions of mobile apps at the Black Hat conference in Las Vegas.

Wayne Cunningham Managing Editor / Roadshow
Wayne Cunningham reviews cars and writes about automotive technology for CNET's Roadshow. Prior to the automotive beat, he covered spyware, Web building technologies, and computer hardware. He began covering technology and the Web in 1994 as an editor of The Net magazine.
Wayne Cunningham
OnStar mobile app
OnStar mobile app
The OnStar mobile app lets owners remotely unlock their car doors. GM

The convenience offered by mobile apps for unlocking car doors and remotely starting their engines is also a weakness, as two hackers will demonstrate at the upcoming Black Hat conference in Las Vegas. Researchers Don Bailey and Mathew Solnik managed to use a laptop to hack the mobile app connection in two different car brands.

The researchers discovered that, when a user pushed the unlock or remote engine start buttons on the app, the phone sends a signal to a service center, which then sends a signal to the car telling it what to do. The researchers intercepted and duplicated the signal sent to the car, afterwards using it to repeat the function.

Although the researchers have not revealed the types of cars they hacked, GM and Mercedes-Benz have been the first to market with smartphone apps that offer these functions. The mobile app itself is not central to this hack, as the service center would send the same remote unlock or start code to the car if an owner were to call and request that function.

The researchers vowed not to reveal their exact method until the automakers have time to fix the security hole. GM's telematics service, the app provider, is OnStar, a GM division, but Mercedes-Benz contracts Hughes Telematics.

(Source: Network World)