Thursday, 30 July 2015

Hacker Claims To Be Able To Take Control Of Any General Motors Car With OnStar

The OwnStar device allegedly intercepts communications through the OnStar app.

The “OwnStar” device allegedly intercepts communications through the OnStar app.

As we saw last week, the ability to remotely take control of a vehicle is a very real concern. While Fiat Chrysler recalled nearly 1.4 million vehicles and issued a patch related to some of its internet-connected cars, another automaker is now sitting in the precarious spot of potential hijack victim, as a hacker claims he can commandeer any of the company’s vehicles as long as they come with the OnStar system.

A hacker named Samy details in a new video the creation of a gadget – he’s calling it “OwnStar” – that allows anyone to locate, unlock, and start a car using the OnStar system.

The hack works by intercepting the communications between an opened OnStar mobile phone app and the OnStar service itself.

Once the car is in range of the OwnStar device – Samy doesn’t specify what the range of the device is – the hacker is able to gain access to a user’s credentials, allowing indefinite access to the vehicle.

Samy points out in the video that the vulnerability actually lies in the mobile software utilized by the service and not the actual General Motors vehicle.

Additionally, he notes that both General Motors and OnStar have been receptive of his concerns and have already started working on a resolution.

A spokesperson for the car maker tells Tech Insider that a remedy for the issue has already been put in place.

“GM Product Cybersecurity representatives have reviewed the potential vulnerability recently identified by [Samy], and a fix has already been implemented to address this concern. No additional action is required by our customers,” the spokesperson said.

Despite GM’s assurance that everything has been fixed, Samy suggests users of OnStar refrain from opening the app in their vehicle until they explicitly receive an update.

[via Tech Insider]


by Ashlee Kieler via Consumerist

No comments:

Post a Comment