Siri can give you directions and restaurant recommendations. She can read your text messages and tell you tomorrow's weather and the longitudinal coordinates of Albuquerque, N.M. And now we can add a new, potentially scary feature to her impressive repertoire: She can start your car.
On his website, New York-based IT professional Brandon Fiquett showed how, using a proxy Siri server, he built a custom plugin that enables him to use Siri, the new iPhone 4S's voice-activated assistant, to send remote commands to his Acura TL.
The plugin forward Siri commands to his personal Web server, which in turn connects to a Viper SmartStart module installed in the car. The end result is that Siri can start and kill the engine, arm and disarm the alarm system, pop the trunk, lock and unlock the doors and set the alarm to "panic" mode. (The regular SmartStart app for iPhones, BlackBerrys and Android phones doesn't need a server, but can't yet be voice-controlled.)
Although Fiquett's tool is only a proof-of-concept exploit, hackers have already begun targeting the new crop of technologically equipped vehicles, many of which include onboard features such as GPS devices and media players that connect wirelessly to the Internet.
Earlier this year, researchers from the University of California, San Diego and the University of Washington hid a Trojan on a CD, which, once inserted into the stereo, gave them access to the vehicle's full computer system. And this past summer, researchers at the Black Hat Security Conference demonstrated a proof-of-concept hack in which they hacked into a car's security system using a text message.