Should recent OnStar hack raise concerns for GM drivers?

31 Jul 2015

OnStar exploit gives hackers access to car engine, locks.

On the heels of a 1.4 million car recall by Fiat Chrysler to patch hacker-exposed software, now comes word that a hacker made a $100 box he says can take over basic controls of an OnStar-equipped General Motors car. (GM says it’s already fixed the problem.) Security researcher Samy Kamkar said he’s been able to remotely start car engines and operate other vehicle features from afar, releasing a proof-of-concept video of his research Thursday showing how a homemade computer device composed of a Wi-Fi hotspot and about $100 in parts can give hackers control over cars equipped with OnStar.

BOSTON/DETROIT: A researcher is advising drivers not to use a mobile app for General Motors Co’s OnStar vehicle communications system, saying hackers can exploit a security flaw in the product to unlock cars and start engines remotely. “White-hat” hacker Samy Kamkar posted a video saying he had figured out a way to “locate, unlock and remote-start” vehicles by intercepting communications between the OnStar RemoteLink mobile app and the OnStar service. Kamkar said he plans to provide technical details on the hack next week in Las Vegas at the Def Con conference, where tens of thousands of hacking aficionados will gather to learn about new cybersecurity vulnerabilities. Kamkar released the video a week after Fiat Chrysler Automobiles recalled some 1.4 million vehicles after hacking experts demonstrated a more serious vulnerability in the Jeep Cherokee. That demonstration was frightening in that, unlike previous hackers who physically altered cars to allow them to be taken over remotely, the Jeep hackers controlled a car they hadn’t physically tampered with.

GM spokesman Terrence Rhadigan told Reuters via email that the company was preparing an update to the RemoteLink app that would address the vulnerability. “It’s days away,” Rhadigan said. When asked via email if it was safe to use the app before an update is released, Rhadigan said: “We believe the chances of replicating this demonstration in the real world are unlikely. In addition, the action involves one user at a time, and would impact only that specific user’s account.”

By disguising the name of the malicious network running inside the OwnStar box as something innocent-looking like “attwifi,” the free Wi-Fi account often available at Starbucks, a hacker has better odds of tricking a phone with RemoteLink into automatically connecting.

Agency representatives discussed the issue with GM officials, who said the flaw could involve doors and engine start-stop but does not involve other critical safety systems, according to a person familiar with those discussions. Observers say carmakers, heretofore focused on loading vehicles up with digital connectivity, are starting to focus on security. “The fear mongering gets people to be diligent about this because you don’t want unintended consequences,” John Ellis told PC Magazine recently.

He was a global technologist at Ford and now runs the consultancy firm Ellis & Associates, the magazine said. “But it’s nowhere near this cataclysmic event that people keep hearing about, and the car companies are hiring security people and taking this more and more seriously.” Kamkar, the self-proclaimed OnStar hacker, said his goal is to raise awareness about the potential for hacking not just cars, but all connected devices. “I do play Grand Theft Auto a lot, but my motivation isn’t to steal cars,” Kamkar said in the Wired story about his project. “I want to point out the lack of security here and the fact we need to pay more attention as we make more devices connected and quote ‘smart.’ The proof of concept is to show that it’s reasonably trivial for someone in my industry to do this.” “Why aren’t you stopping, honey?
