We've seen hackers breach the Web sites of the Federal Bureau of Investigation and Rupert Murdoch's News Corp., among many other firms. Now the prospect of these people's cars being hacked may no longer be remote: two security researchers have found a way to hack into mobile apps used for unlocking car doors and starting their engines.

The hackers, Don Bailey and Mathew Solnik, will deliver their findings next week at the Black Hat USA conference.

"Today, A-GPS tracking devices, 3G Security Cameras, Urban Traffic Control systems, SCADA sensors, Home Control and Automation systems, and even vehicles are now telephony enabled. These systems often receive control messages over the telephone network in the form of text messages (SMS) or GPRS data. These messages can trigger actions such as firmware updates, Are You There requests, or even solicitations for data. As a result, it is imperative for mobile researchers to understand how these systems can be detected by attackers on the global telephone network, then potentially abused," Bailey said in a synopsis to a briefing entitled "War Texting: Identifying and Interacting with Devices on the Telephone Network," at the conference.

Although the hackers did not reveal the types of cars they hacked, BMW Assist, GM OnStar, Ford Sync, and Hyundai Blue Link are known to use remote control and telemetry systems, according to reporting by The Hacker News. When a user pushes the buttons on the mobile app, a signal is sent to a service center, which then sends a signal to the car.

Bailey and Solnik, employees of security consulting firm iSEC Partners, have figured out these protocols and were able to duplicate the signals remotely sent to the cars. "With a clever bit of reverse engineering, the hackers were able to pose as these servers and communicate directly with a car's on-board computer via 'war texting' - a riff on 'war driving,' the act of finding open wireless networks," The Hacker News said.

Bailey and Solnik have vowed not to reveal their exact method and the two car brands that they hacked until the automakers have time to fix the security hole, according to CNET.

"But to be honest it doesn't really matter: if two systems have been cracked (and in just a few hours no less), then it's likely that other on-board, remote control systems are also vulnerable to the same attack vector," The Hacker News points out.

Software that sends remote commands to cars could let car thieves do the very same things, computer security researchers at iSEC Partners said.

CNET quoted Bailey as saying he has been in touch with the Department of Homeland Security and US-CERT about these issues.

The Black Hat security conference is scheduled for July 30 - Aug. 4 at Caesars Palace in Las Vegas, Nevada.