August 05, 2011, 11:03 AM —
flickr/Sara .Nel
The Black Hat security conference in Las Vegas always entertains the rest of the world with some interesting, if unnerving, stories. Hot story so far this year? Illustrating the weakness of devices connected to cellular GSM networks (think AT&T). Example? Unlocking many, many car models by attacking some device or service included in the car that links to the cell phone network. The original attack vector was the Zoombak, a tracker parents install on their car to see where their kids are, or at least track the car.
[Car hackers can kill brakes, engine, and more and With hacking, music can take control of your car]
Unlocking cars illegally is fun (so I hear), but the real concern is that many other devices rely on the cell networks. Oops. You know what's coming – most of those devices are no more secure than the Zoombak "owned" by Don Bailey, a senior consultant with iSEC Partners, who gave the demo at Black Hat. Examples he gave? Phones (that's obvious but potentially very lucrative to hack), cash machines (uh oh), and even industrial systems (double uh oh).
Scared yet? The security of our nation may rely on how well AT&T and other wireless carriers engineer their protection. If so, we're screwed.
What fun!
Woo hoo! Free Subaru(e?)s! (Suburui?)
Raging Tyrant on endgadet.com
Well, damn good thing I read this. I saw this car I really like, do you do contract work?
d3xTer on cnn.com
BTW, a "non-internet" car can be stolen with a rock and a screwdriver. Much less tech savvy than a smartphone with an app and a text message.
Pitt36 on cnn.com
Uh oh
I was thinking about this, I have a Viper SmartStart in my car which connects to AT&Ts network and allows me to open my car and start it with my Nexus One or iPhone (BB too). What scares me the most is that when it authenticates with the car it has to send out my username and password. The bad thing is that the SmartStart app sends out my password in PLAIN TEXT! So no encryption whatsoever, this way anyone on the same WiFi network (like I tested) or anyone who hacked into the GSM network (can be easy) can get the email and password I use and download the same app and login and have access to my car.
Crisss1205 on cnn.com
im blaming the hackers next time i accelerate into a truck.
wel809 on endgadget.com
I'm personally very glad that we live in a country that allows people like Don Bailey to speak freely and move about at will. At least we know how terrifyingly easy it is for organizations and individuals to do scary things. I think I will not buy a smart phone after all. I may go back to driving my 1987 Dodge Truck.
Brational on cnn.com
When will these companies take security seriously?
This is NOT news, this has been documented over 20 years ago specifically with ATM & petrol pump machines
bob on dailymail.co.uk
The senior management at AT&T said much the same thing when they were told that free international calls could be had using nothing more complex than a toy whistle to exploit a security gap in the phone system. You would be astonished and quite alarmed by what some hackers and phreaks are capable of.
George on dailymail.co.uk
I'm sure that will get things fixed fast, 15 years MAX.
satn on endgadget.com
On a scale of 1-10, do you think this hacking demonstration is real?
If it is real, on a scale of 1-10, how serious a situation do you think this exploit highlights?
