OnStar exploit gives hackers access to car engine, locks

31 Jul 2015 | Author: | No comments yet »

OnStar exploit gives hackers access to car engine, locks.

Security researcher Samy Kamkar said he’s been able to remotely start car engines and operate other vehicle features from afar, releasing a proof-of-concept video of his research Thursday showing how a homemade computer device composed of a Wi-Fi hotspot and about $100 in parts can give hackers control over cars equipped with OnStar. BOSTON/DETROIT: A researcher is advising drivers not to use a mobile app for General Motors Co’s OnStar vehicle communications system, saying hackers can exploit a security flaw in the product to unlock cars and start engines remotely. “White-hat” hacker Samy Kamkar posted a video saying he had figured out a way to “locate, unlock and remote-start” vehicles by intercepting communications between the OnStar RemoteLink mobile app and the OnStar service. Kamkar said he plans to provide technical details on the hack next week in Las Vegas at the Def Con conference, where tens of thousands of hacking aficionados will gather to learn about new cybersecurity vulnerabilities. Kamkar released the video a week after Fiat Chrysler Automobiles recalled some 1.4 million vehicles after hacking experts demonstrated a more serious vulnerability in the Jeep Cherokee. GM spokesman Terrence Rhadigan told Reuters via email that the company was preparing an update to the RemoteLink app that would address the vulnerability. “It’s days away,” Rhadigan said.

When asked via e-mail if it was safe to use the app before an update is released, Rhadigan said: “We believe the chances of replicating this demonstration in the real world are unlikely. By disguising the name of the malicious network running inside the OwnStar box to something innocent-looking like “attwifi,” the free Wi-Fi account often available at Starbucks, a hacker has better odds of tricking a phone with RemoteLink into automatically connecting. GM’s RemoteLink app started as a feature for Chevrolet Volt owners to remotely check the status of their vehicle’s battery life, according to the company. In addition, the action involves one user at a time, and would impact only that specific user’s account.” Agency representatives discussed the issue with GM officials, who said the flaw could involve doors and engine start-stop but does not involve other critical safety systems, according to a person familiar with those discussions. The idea expanded and connected with OnStar to give drivers up-to-date vehicle information such as oil level, tire pressure, fuel level, and lifetime miles per gallon.

So, while this latest attack might not be as dangerous as someone taking over your car, it does show one more way a hacker can gain access to personal data. The OwnStar hacking device lets the attacks do just about anything—horns, lights, unlocking, and starting—to the car except put it in gear and drive away. Kamkar recommends consumers not open the app until an update has been issued. “The systems work is done, which was a major step to ensure security for customers,” Rashid-Merem said in an email. “To fully mitigate the issue, we are also doing a RemoteLink app update which will be available in app stores soon.” GM is hardly a newcomer to connected cars. The company has also put Wi-Fi into dozens of new Buick, Chevrolet, Cadillac, and GMC models, thanks to an AT&T 4G radio module that gives users a high-speed link comparable to what you might experience on the latest Samsung Galaxy or 4G iPad. The recent formation of the Alliance of Automobile Manufacturers (AAM)—an alliance of 12 automakers including Ford F -1.06% , General Motors , and Mercedes-Benz—couldn’t have come any sooner.

Here you can write a commentary on the recording "OnStar exploit gives hackers access to car engine, locks".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts


ICQ: 423360519

About this site