Researcher Says GM’s OnStar App Vulnerable To Hacking [UPDATED x2]

Fresh off the heels of Fiat Chrysler getting schooled on how their cars can be hacked remotely in very dangerous ways which then prompted a recall of said cars, comes this story about GM’s OnStar app and how it can be leveraged to do things that GM never intended:

“White-hat” hacker Samy Kamkar posted a video on Thursday saying he had figured out a way to “locate, unlock and remote-start” vehicles by intercepting communications between the OnStar RemoteLink mobile app and the OnStar service.

Kamkar said he plans to provide technical details on the hack next week in Las Vegas at the Def Con conference, where tens of thousands of hacking aficionados will gather to learn about new cybersecurity vulnerabilities.

Now GM is working on a fix that should be out in days, but this is drawing the attention of the National Highway Traffic Safety Administration who suggested that they disable the functionality that Kamkar has exploited until a fix is released. But in my mind, the bigger issue is this. Car companies are clearly designing functionality for cars where security isn’t top of mind. After all, it seems in every one of the these cases, trivial amounts of work is required to pretty much pwn a car. This I will say again that the car industry needs a “Patch Tuesday” mentality. But I will also add that they also have to have a security first attitude which based on these cases over the last few weeks is clearly missing.

UPDATE: I found the video showing the hack in action using a device that Samy Kamkar created called “OwnStar”:

UPDATE #2: GM and OnStar has issued an update for the iOS version of the RemoteLink app that addresses this vulnerability. If you have an OnStar-equipped vehicle and use RemoteLink on iOS, you should install the application update as soon as possible to reduce risk of attack. Also of note, users of RemoteLink on other mobile platforms don’t need to take any action. I’m not sure I believe that, but that’s likely me being paranoid.

2 Responses to “Researcher Says GM’s OnStar App Vulnerable To Hacking [UPDATED x2]”

  1. […] they could control it, which in turn led to a recall to allow Chrysler to address the issue? Or the GM OnStar hack that allowed a security research to remote open the doors and start the engines of GM cars equipped […]

  2. […] Tesla hasn’t responded to this yet. But if this is true, this is a serious problem for Tesla. And it reminds me of a similar situation with GM’s OnStar where came up with a method to do something similar to OwnStar equipped cars …. […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: