I am worried that too much remote communication features in new cars will allow this to happen:

http://www.networkworld.com/news/2011/072711-war-texting-lets-hackers-unlock.html?hpg1=bn&source=NWWNLE_nlt_daily_pm_2011-07-27

This includes GM's OnStar RemoteLink, and maybe the systems in other major vehicle brands. There is too much trust in wireless communications, and not enough security.

I hope GM reads this and improves their vehicle communication systems. The worst that can happen is that someone hacks into a Chevy Volt and controls it remotely. The next thing they may do is actually drive the Volt!

If these folks are intercepting messages between the car and the network, they are essentially hacking the cellular network, which in the US I think is Verizon for OnStar. Remotely controlling your vehicle is the least of your concerns if hackers can actually get into the cell network to intercept communications. I'm willing to bet cell carriers are quite concerned right now if this is the case.

More likely is that that are looking for devices that are running MyLink over unsecured or poorly secured WiFi. In that case, it would be fairly easy to intercept messages between the phone and the network to reproduce them.

The worst that can happen is that someone hacks into a Chevy Volt and controls it remotely. The next thing they may do is actually drive the Volt!

I don't think driving off is a concern. While you can "remote start" the Volt, you're really just turning on the air conditioning. You can't drive away. The car is still technically off even when it's been "remote start"ed. If there's no key in the car, you won't be able to turn it on and drive off.

They could still potentially unlock the doors and steal something. That's true. But anyone with a heavy/sharp object could do that to any car via the windows...

Note: This does give me some inspiration to write my own OnStar app. The existing one is insanely slow. I might have to sniff some Wifi packets and see what exactly takes so long...

This does give me some inspiration to write my own OnStar app. The existing one is insanely slow. I might have to sniff some Wifi packets and see what exactly takes so long...

I think the Volt communicates wirelessly via SMS, not via Wifi. Unlike Wifi, SMS is very narrow-band: usually only 160 characters per message.

I think the Volt communicates wirelessly via SMS, not via Wifi. Unlike Wifi, SMS is very narrow-band: usually only 160 characters per message.
Yes, but the OnStar app works over Wifi.

I know these guys were actually setting up their own mini-cellular network to crack the direct connection to the car, but I don't need to do that. I have valid access via OnStar. I'm wondering if the slowness is caused by OnStar or if it's just their app. If it's their app (which I think is at least possible), I might be able to speed things up. :-)

I know these guys were actually setting up their own mini-cellular network to crack the direct connection to the car, but I don't need to do that.

Not necessarily. If they're just looking at the SMS messages from the carrier to the car, they wouldn't need anything more than a cell phone and a computer with the appropriate software (either legit, or hacked). All forward link SMS messages (from cell system to phone) are transmitted in the clear, and any and all nearby phones receive them.

Phones the message isn't intended for are just supposed to ignore them.

Capturing the reverse length SMS messages (from phone to cell system) is a little trickier, but if the car responds to messages without context you might not need that.

And if a protocol doesn't have some form of HMAC on their SMS messages, the manufacturer deserves what they get...