New Hack Controls Car with SMS

Greg Hyde

---

13th August 2018

A security expert has warned that the components of connected cars can be reverse engineered, allowing cars to be controlled by hackers with SMS messages.

At the DefCon 26 Car Hacking Village in Las Vegas, Daniel Regalado, the principal security researcher at IoT device security provider Zingbox, explained how he and freelance researchers Gerardo Iglesias and Ken Hsu were able to use reverse engineering to infect the smartphone a car was connected to with malware via its USB port. They were then able to remotely control the car via SMS messages.

Zingbox says this shows how the smartphones connected through USB ports represent a serious hacking threat. It explained that once hackers had control of the driver’s SMS messaging services, their services’ commands to the vehicle would be vulnerable to penetration. The car’s infotainment systems could be controlled by hackers, causing distractions for the driver and the driver would also be at risk of identity theft, Zingbox added.

The more significant and alarming aspect of the exercise was the ease with which the researchers were able to reverse engineer the car’s components. It suggests carmakers need to pay closer attention to the structural security and integrity of the parts they make.

Regalado claimed the ability to successfully “infect a car’s infotainment system and expose private data sheds light on an important vulnerability for manufacturers”, specifically the car’s USB port. Zingbox CEO Xu Zou added that Regalado and his colleagues “continuously push the boundaries of IoT vulnerability research”.