Security team proves car systems can be hacked


Congresswoman Anna Eshoo, D-Palo Alto, called on the FCC to review security standards for medical devices that rely on wireless communications. Things like implants and insulin pumps could be at risk of being hacked which could endanger lives.

The concern over insulin pumps comes from a computer security expert who also happens to be a diabetic. At a security conference this month he showed how he could remotely re-program his insulin pump. Hacking has also occurred against pacemakers and defibrillators which use wireless communications like so many facets of our lives.

Two people who know that well are San Francisco security consultants Don Bailey and Mat Solnik of iSEC partners. While they don't deal with the issue of medical devices, they are working to stay one step ahead of hackers.

"A lot of things that are actually improving and making our lives easier, but at the same time with these devices there becomes the issue of what they actually have control over," said Solnik.

One device they investigated is the car security system. They recently demonstrated how they could bypass a car alarm with a few keystrokes on a laptop. They were able to open the locked door and start the engine.

Anti-theft systems rely on cellular telephone networks which allow one machine to talk to another often through a text message.

"So anything that uses that system is going to be vulnerable to a range of potential attacks and you'll see that in almost every industry today worldwide," said Bailey.

Wireless signals are behind home security systems, ATMs, power grids and pipelines. The security consultants say the unnamed car alarm company they were able to breach quickly fixed the problem. They say consumers should ask questions before buying.

"Now a telltale good sign is a manufacturer publicly stating we have had our security reviewed by a third parties," said Solnik.

But it may be a tough sell in a quickly changing technology.

"Everything's connected with the Internet, Wi-Fi, whatever it may be, all these different systems that are supposed to be secure, but they're really not," said Oakland resident Jordan Williams.

With regard to medical devices, industry officials are downplaying the threat, saying the average person wouldn't be able to figure out how to hack an insulin pump or pacemaker. Still, the FCC is being asked to look into the issue.

Copyright © 2024 KGO-TV. All Rights Reserved.