Hacking smart car alarm systems

[harlan4096]

Information security specialists at Pen Test Partners have hijacked a car — using its alarm. What is more, the security systems that the researchers hacked — Pandora and Viper SmartStart — are widely used: Researchers estimate that about 3 million cars have them installed.

Convenient, but are they safe?

In theory, smart antitheft systems are more than just alarms. They can assist even if the vehicle has already been stolen. For example, they can track it, cut off the engine, and lock the doors before the police arrive. And all this is done through an app in your smartphone. Convenient? You bet! Safe? As manufacturers claim, such systems were designed to enhance car security many times over.

But now it’s not just your car that might get stolen.

Having hijacked your account and logged into the app in your name, a cybercriminal gains access to a mass of data and all smart alarm functions. A simple change of password will lock you out of the system. The attacker will then be able to:

• Track all vehicle movements,
  
• Enable and disable the alarm system,
  
• Lock and unlock the car doors,
  
• Enable and disable the immobilizer, an antitheft tool that prevents the engine from starting,
  
• Cut the engine — in some cases even while the car is moving.
  

In the case of Pandora alarms, the cybercriminal can also eavesdrop on conversations inside the vehicle through the antitheft system’s microphone, which is intended for emergency calls. Remember that you cannot fight back, because only the attacker has access to the system. Doesn’t sound too great, does it?

Continue Reading