While it may seem far fetched to some, security researchers at Black Hat recently demonstrated how cars can be hacked via war texting. Most remote control automotive systems use a cellular connection embedded in cars to provide these services. The connection is made by a propriety protocol. If the attacker understands the protocols and can intercept and spoof the proper information, it’s possible to control items like brakes or door locks.
While not trivial, the attack is made possible by setting up a GSM network and intercepting password authentication messages sent between the remote server and the automobile; this cell phone like attack, exploits the vehicle’s remote control system such as the ones used by General Motors, BMW, Mercedes, and others for unlocking and remotely starting cars.
To date, automotive systems have not been widely targeted, primarily because attackers like to go where there is access to money or sensitive data. There’s no big monetary prize in attacking cars and trucks; however, many of these products are relying on security by obscurity and that’s never good.
If past cyber crime history is any guide to the future, then sufficient controls may not be added until something bad happens or there is a major security breach. Automobile manufacturers can use more sophisticated parts to prevent these types of attacks; however, there’s the tradeoff of increased costs.