Keyless or smart keys, for cars, have been around for some time now. Smart keys allows the driver to keep the keys in their pockets (or handbags) when unlocking, locking and starting the vehicle.
Keyless keys use proximity. As you approach the car your key is identified via one of the antennas in the car. A radio pulse generator in the key ‘greets’ your car and a ‘handshake’ ensues. The vehicle’s alarm is immobilized and the doors are automatically unlocked. Simply walking away from the car will initiate the lockdown process – door lock, alarm activation and complete engine shutdown.
The convergence of technology is best illustrated by the latest smart key – your smart mobile phone. The mobile phone as a smart key is currently confined to up-market cars but expect to see your Japanese model using it in the very near future. Your mobile phone will, very soon, evolve into the ubiquitous universal remote control device.
GSM mobile phones are using applications (apps) that provide the same functionality as the smart key. Mobile phones with the smart key are able to disengage the immobilizer and activate the ignition without inserting a physical key in the ignition. Communication between the mobile phone and with the vehicle’s receiver is software driven. This software is vulnerable to hacking.
A hacker can exploit vulnerability in the latest and most secure mobile phone standard today, the 3G/UMTS/WCDMA standard.
By reverse engineering the network and then closely monitoring it by using “sniffers”, it is possible to figure out the codes needed to send rogue commands to cars that use mobile phones as smart keys. This technique is popularly known as “war texting”.
By using a “souped-up” mobile phone it is possible to analyze a GSM network more extensively. Data received from the network can then be sent to a laptop in real-time. It would then be possible to send a random SMS to a mobile phone and obtain its network ID number. You can then use this information to attack the mobile phone that acts as a keyless key.
This exploit would then allow a hacker to send rogue commands from a safe distance.
As GSM and UMTS standards become more and more well known, security flaws and shortcuts of this network standard become more widely known among hackers.
As the mobile phone becomes a universal remote control device it is important to appreciate that technological advancement is usually accompanied by vulnerabilities.