At the Black Hat security conference in Las Vegas, two security researchers have reportedly demonstrated how they could, using an Android-powered phone, steal password authentication messages to unlock and start the engine of a Subaru Outback crossover. It reportedly took just a few hours for them to break in.
While these researchers might be able to start an Outback, it seems like driving it away could be another matter. The optional remote start system for automatic-transmission Outbacks is available for $359.95, but systems like this require the key to be in the car to put it in gear.
Michael McHale, Subaru's director of corporate communications, wouldn't comment on whether this type of breach is possible, having not observed the claimed hack, but he said an attack like this could affect other brands.
"I don't think it's a Subaru situation," McHale said. "I think the same technology would work on most cars on the market." The researchers said they won't provide specifics about their breach until manufacturers have a chance to upgrade their systems.
The thought of thieves unlocking and starting a car without a key would probably strike most car owners as near-impossible. As cars increasingly become rolling computers, though, it makes them prime targets for hackers. Maybe it's time for an old-school security solution: the Club.