«
»

Researcher Says GM’s OnStar App Vulnerable To Hacking [UPDATED x2]

Fresh off the heels of Fiat Chrysler getting schooled on how their cars can be hacked remotely in very dangerous ways which then prompted a recall of said cars, comes this story about GM’s OnStar app and how it can be leveraged to do things that GM never intended:

“White-hat” hacker Samy Kamkar posted a video on Thursday saying he had figured out a way to “locate, unlock and remote-start” vehicles by intercepting communications between the OnStar RemoteLink mobile app and the OnStar service.

Kamkar said he plans to provide technical details on the hack next week in Las Vegas at the Def Con conference, where tens of thousands of hacking aficionados will gather to learn about new cybersecurity vulnerabilities.

Now GM is working on a fix that should be out in days, but this is drawing the attention of the National Highway Traffic Safety Administration who suggested that they disable the functionality that Kamkar has exploited until a fix is released. But in my mind, the bigger issue is this. Car companies are clearly designing functionality for cars where security isn’t top of mind. After all, it seems in every one of the these cases, trivial amounts of work is required to pretty much pwn a car. This I will say again that the car industry needs a “Patch Tuesday” mentality. But I will also add that they also have to have a security first attitude which based on these cases over the last few weeks is clearly missing.

UPDATE: I found the video showing the hack in action using a device that Samy Kamkar created called “OwnStar”:

UPDATE #2: GM and OnStar has issued an update for the iOS version of the RemoteLink app that addresses this vulnerability. If you have an OnStar-equipped vehicle and use RemoteLink on iOS, you should install the application update as soon as possible to reduce risk of attack. Also of note, users of RemoteLink on other mobile platforms don’t need to take any action. I’m not sure I believe that, but that’s likely me being paranoid.

This entry was posted on July 30, 2015 at 7:44 pm and is filed under Commentary with tags , . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Researcher Says GM’s OnStar App Vulnerable To Hacking [UPDATED x2]”

  1. Flaws In VW And Audi Infotainment Systems Can Lead To Remote Pwnage Of Cars | The IT Nerd Says:
    May 2, 2018 at 12:17 pm

    […] they could control it, which in turn led to a recall to allow Chrysler to address the issue? Or the GM OnStar hack that allowed a security research to remote open the doors and start the engines of GM cars equipped […]

    Reply
  2. Teen Claims To Have Pwned Tesla Cars In 13 Countries | The IT Nerd Says:
    January 13, 2022 at 11:09 am

    […] Tesla hasn’t responded to this yet. But if this is true, this is a serious problem for Tesla. And it reminds me of a similar situation with GM’s OnStar where came up with a method to do something similar to OwnStar equipped cars …. […]

    Reply

Leave a Reply to Flaws In VW And Audi Infotainment Systems Can Lead To Remote Pwnage Of Cars | The IT NerdCancel reply

Discover more from The IT Nerd

Subscribe now to keep reading and get access to the full archive.

Continue reading