Researcher says he can hack GM’s OnStar app, open vehicle, start engine

OnStar is a connected-car system found on modern vehicle models from General Motors, designed to increase the connectivity of your car by linking the vehicle to your mobile device.

Vehicle hacking just jumped up a few levels.

In the Thursday video, Kamkar said he has been in touch with OnStar and the GM unit has been working on a solution to fix the issue for customers.

In the video, Kamkar says that once a user opens the OnStar application on their smartphone, the OwnStar gadget is able to intercept this communication and send specially-crafted packets of data to the victim’s device. OnStar includes a wide variety of features, including remote diagnostics, emergency services, crash detection and response, and navigation.

Kamkar hasn’t shared all the details of his hack yet (he’s saving that for Defcon), but there’s good news. Those credentials can then be used to gain access to the vehicle’s OnStar account and the full functionality of the OnStar RemoteLink app. The RemoteLink mobile app allows users to control some of their vehicles’ functions from their phones, such as remotely starting or unlocking the car.

OwnStar takes over from here on, masquerading as the car’s own system and communicating with the OnStar app to harvest the driver’s credentials. The OwnStar device is also able to access information including a car’s make and model. The security researcher has promised to reveal the details of this exploit at a later date, most likely once the vulnerability has been patched. He wanted to expose a vulnerability in the OnStar app and help GM fix it – and it seems as if that’s precisely what’s happening. Integrated cellular connections, Wi-Fi and Bluetooth all serve as potential avenues for attack, and security patches can be hard to distribute across an entire fleet if owners must bring their vehicle to a dealer for a software update. “No additional action is required by our customers,” the spokesperson said. OwnStar is a small black box that, when hidden on a vehicle with GM’s OnStar RemoteLink technology, can track, unlock, and even start the car from any smartphone.

Cybersecurity is a global issue facing virtually every industry today, and a lot of work continues to be done at GM in this space.

GM quickly issues fix for OnStar hack, but service still vulnerable