Arduino Boards Can Remotely Start Your Car

Arduino boards are popular with security researchers for rapidly prototyping analysis tools. There's even an ARM-based version. Now researchers say they can start a car remotely using an Arduino board and a jailbroken iPhone.

Writing on Biobug, researcher Will O’Brien found that he could adapt an older car to have remote engine start, just like a new car. While he could have bought an off-the-shelf system, he decided to build his own instead.

O'Brien used an old jailbroken iPhone, an Arduino, an iPhone breakout board, and a few other pieces of hardware. He also wrote a Perl script that makes the phone check for SMS messages every 30 seconds. For his car, he bought an Avatal 3117 remote start system from Amazon, with additional tweaks to make his Subaru’s "computer happy about missing the key."

One feature in particular he liked about the Avatal remote starter was its input wire: When it is grounded once, the remote will start the car; when it is grounded a second time, the car will turn off.

Of course, DIY remote ignition might not be for everyone. In July, iSEC Partners researcher Don Bailey found he could identify the phone networks that carry the remote SMS signals used to start or secure late-model cars. Bailey showed in a video how he could spoof a text message to the ignition on a specific car. He could also unlock the car doors and pop open the trunk, if he wanted.

The underlying problem is that auto electronics are vulnerable to such simple attacks. There needs to be more attention paid to the authentication of the ignition signal (or the signal to unlock the car, or pop open the trunk). Just because it's cool doesn't mean it's secure.
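As an added illustration of what authenticating the ignition signal can look like (this is not O'Brien's Perl script or any vendor's protocol), the sketch below checks each polled SMS for a keyed MAC and a fresh counter before acting on it. The `COMMAND:COUNTER:TAG` message format, the key, and all names are assumptions made for the example; the replay check matters because a starter input that toggles on every trigger would otherwise reverse its state on a duplicated message.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment would provision a random per-vehicle secret.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
ALLOWED_COMMANDS = {"START", "STOP"}


def sign_command(command: str, counter: int, key: bytes = SHARED_KEY) -> str:
    """Build the SMS body 'COMMAND:COUNTER:TAG' on the owner's phone."""
    msg = f"{command}:{counter}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{command}:{counter}:{tag}"


class CommandVerifier:
    """Receiver-side check run on each polled SMS before touching the starter wire."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.last_counter = 0  # highest counter accepted so far

    def verify(self, sms_body: str):
        """Return the command if it is authentic and fresh, otherwise None."""
        parts = sms_body.strip().split(":")
        if len(parts) != 3:
            return None
        command, counter_text, tag = parts
        if command not in ALLOWED_COMMANDS:
            return None
        if not (counter_text.isascii() and counter_text.isdigit()):
            return None
        expected = hmac.new(self.key, f"{command}:{counter_text}".encode(),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison avoids leaking how much of the tag matched.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return None
        counter = int(counter_text)
        if counter <= self.last_counter:
            return None  # replayed or stale message
        self.last_counter = counter
        return command
```

The sender's phone number plays no part in the decision, since Bailey's demonstration shows the message origin cannot be trusted on its own.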
