"War-Texting" Car Alarms
Researcher Don Bailey of iSec Partners has been cataloging devices communicating through cellular networks for some time. Earlier this year he showed how simple devices designed to report your location can be spoofed, almost trivially, through text messaging. Now Bailey is back with a new presentation at next week's Black Hat USA, where he plans to show how car alarms can fall victim to similar attacks. Car alarms are vulnerable in part because they receive messages from a control server on Internet-ready cellular networks.
From Dark Reading
Bailey declined to reveal the car alarm vendor. He says these and other devices are being exposed to reverse-engineering and abuse via their GSM or cell connections. "Their proprietary protocols [traditionally] were insulated and so obfuscated that you wouldn't necessarily know what was going on under the hood," Bailey says. "[But] car-alarm manufacturers now have to worry about reverse-engineering of their proprietary protocols."
Bailey says an attacker can glean previously undisclosed aspects of the alarm device from the phone network. "Now that they're OEM'ing GSM modules ... they are leaving the whole business exposed. It's serious from that angle: Attackers can finally get under the hood easily because they have a foot in the door with GSM," he says.
Bailey told Dark Reading the car alarm attack just scratches the surface. "What I got in two hours with the car alarm is pretty horrifying when you consider other devices like this, such as SCADA systems and traffic-control cameras. How quick and easy it is to re-engineer them is pretty scary," he said.