Should you worry about your car getting hacked by SMS messages?
You’re driving down the road when suddenly your windscreen wipers turn on automatically and your car starts slowing down without you pressing the brake. Then, you find your brakes don’t work at all. It’s a potentially nightmare situation that’s completely possible.
Researchers have been examining the electronic systems built into every car produced these days, as well as accessories that access the car’s systems. What they found is pretty scary, but is it something you really need to worry about happening to you?
Controlling a car via SMS
At the University of California, San Diego researchers found a security flaw that let them access a car’s systems. They demonstrated their findings at Usenix, a security conference held in Washington DC. In the video below you can watch how they send SMS messages to control the Corvette after hacking in using a security vulnerability.
The vulnerabilities they found weren’t with the car itself though. It turns out that a commonly used device called a dongle is what opened up the car’s systems to hackers. The dongles plug into the car and monitor performance such as fuel efficiency, miles driven and other information. Fleet operators, lorries, and certain insurance companies use them to keep track of their drivers and vehicles.
The particular model examined by the researchers was distributed by a company called Metromile, a US based insurance company. The dongles were shipped in a “developer mode” which left them with very little security and already set up to respond to commands via SMS.
The affected dongles have since been patched according to the manufacturer Mobile Devices. Newer models are said not to be susceptible to hacking. But according to an article in The Guardian, the researchers found thousands of the dongles around the world that were still vulnerable. Similar devices distributed by other companies have had major security issues as well.
Not just dongles
Dongles aren’t the only electronics in cars that can be hacked. According to AutoExpress.co.uk, a recent study of 20 cars showed security was an issue for a number of electronics systems. They looked at things like Bluetooth, Wi-Fi, mobile network connections, key fobs, remote starts, and tyre pressure monitoring systems.
In the study they looked at how each of these types of systems enabled someone to access critical systems such as brakes, seat belts, and steering. They found that in many models of cars they could connect via wireless network and control the systems. In this study, the researchers didn’t use SMS messages though. They accessed the systems directly through the network.
Car theft via hacking
Another study reported on AutoExpress.co.uk looked specifically at security vulnerabilities that allow your car to be stolen by hacking. They commented that 4 out of 10 car thefts in major cities involve hacking.
Most of the hacking involves tricking a car’s immobiliser, a device that is supposed to prevent the car from starting unless the proper key is provided. The most easily compromised systems used start buttons which rely on fobs rather than physical keys.
This type of hacking though usually requires physical contact with the car, so again, SMS messaging alone would not be sufficient for a hacker to steal or control your car. The researchers also pointed out that it takes a lot of resources (money, time, technology) to steal or control cars this way. So it isn’t something you’d expect the average car thief to use.
Even so, auto manufacturers are working to improve security. Some have already issued fixes, and one company in the US issued an official recall (which isn’t done lightly).
So do you need to worry about your car being hacked, via SMS or any other method? Probably not, but if you use a dongle you might want to make sure it’s not one of the compromised models. And most of the cars examined were in the US. The same report that revealed issues with immobilisers also revealed that UK models have different security so they won’t have the same vulnerabilities.
The bottom line is that it takes a lot of work to hack into a car the way the researchers did. The average Brit probably shouldn’t lose any sleep over the idea of theft or of losing control of their car via SMS message or wireless access. But it’s good to stay aware of any patches or recalls to your vehicles, just in case.
The great thing about SMS messaging is how simple it is. You just type, click send, and the other person gets the message almost instantly. But there’s more going on in that simplicity than you might realise. Each message has different parts. Let’s look at them individually so you’ll understand everything that goes into your message when you hit “send”.
A2P SMS, or Application to Person SMS, messaging is when an application sends a person a text message just like you’d send a text to your mates. P2A SMS, or Person to Application SMS, messaging is when a person send texts to an application.
The benefit of using SMS messaging for authentication is that people have their mobiles with them all the time. It’s convenient for them to receive the passcodes quickly so they can get logged in and do their business, whatever that may be. At its simplest, the procedure goes something like this...
Ever wondered why SMS text messages are limited to 160 characters? You might think it was an arbitrary choice but that wasn't the case. 160 characters was chosen based on scientific research (sort of). Read the history behind it and learn how you can send texts of up to 456 characters now.
Enterprises are large companies. Sometimes that means they think they should be able to do everything themselves. But when it comes to SMS messaging, building an in-house gateway is more difficult than you might think. Read why finding a good SMS service provider is a better option.