Security expert Don Bailey says the same hack he uses to unlock cars could hit power and water systems.
Las Vegas (CNN) -- Don Bailey says he can unlock thousands of cars across the United States simply by sending a few texts from his Android phone.
And that's not even the scary part.
Bailey, a senior security consultant with iSEC Partners, said in an interview with CNN at the Black Hat security conference here at Caesars Palace that the same hack he has used to demonstrate unlocking and even starting a car via text message also could be used to attack industrial systems, the power grid and the water system.
"I could care less if I could unlock a car door," he said. "It's cool. It's sexy. But the same system is used to control phone, power, traffic systems. I think that's the real threat."
Bailey would not share details about which cars or which auto systems are vulnerable to the hack that he showed off publicly at the event.
The hack affects many kinds of devices that connect to cellular GSM networks, like the one used by AT&T. As cars and plenty of other stuff -- from pill bottles to trees, he said -- start connecting to cell grids and the Internet, Bailey said they become more vulnerable.
Certain electronic components that accept wireless signals are vulnerable to the hack, he said. Those components are in the cars Bailey said he can unlock remotely.
Again, he would not name which cars have them.
Strangely enough, Oprah Winfrey kinda-sorta inspired this research.
Bailey said he was watching an "Oprah" show about a device called the Zoombak, which the TV host said could be used by parents to track the locations of their kids.
"I heard that and thought, 'Oh dear God no. Please Oprah, no, no no!' " he said in a presentation at Black Hat. "This was my thinking: That's dangerous. That can definitely be owned. Let's own that thing."
In hacker-speak, "own" means to take control of a device.
Once he figured out how to take control of the kid-tracker, Bailey moved on to cars, which he said was more difficult but still not impossible.
"I couldn't just straight-up text message it and be like, 'Gimme yo' datas!' " he said, referring to the car parts. "So it was a little more work."
It's not all doom-and-gloom, though.
Bailey said manufacturers could purchase more expensive parts that would keep these types of hacks from being possible. He thinks industry associations should put out recommendations suggesting this approach, even though cost increases would be "highly significant."
"We have to," he said. "We have to find elegant ways to find that sweet spot between cost and security."
Black Hat is an annual gathering of hackers and security professionals in Las Vegas. Researchers hope that by showing off how to hack certain systems, the computer industry will take steps to make infrastructure and consumers safer.