GM Vehicles Can Be Located, Unlocked, Started Remotely Via OnStar App
In another demonstration of how vulnerable modern vehicles are to external tampering, a hacker has shown how to locate, unlock, and remotely start any GM vehicle equipped with an OnStar RemoteLink app.
In a YouTube video posted Thursday, white hat hacker Sanjay Kamkar used a device he calls “OwnStar” to intercept communications between a user’s OnStar mobile app and the OnStar cloud service. He then showed how an attacker could send specially crafted packets to the user’s mobile device to gain access to additional credentials describing the connected vehicle’s location, make, and model.
With that information on hand, an attacker can use the intercepted OnStar app’s remote unlock and remote start functions to take over the vehicle, he said. Any GM vehicle owner who fires up the OnStar mobile app in the proximity of OwnStar device is vulnerable to the attack, Kamkar says. He urged GM owners not to use the OnStar Remotelink mobile app until the company has a fix for the problem.
“Fortunately the problem lies with the mobile software and is not a problem with the vehicles themselves,” Kamkar says. “GM and OnStar have so far been receptive to me and are already working quickly on a resolution to protect consumers.”
GM did not respond immediately for comment. But in comments to other media outlets, the company has noted that it is working on a fix for the issue identified by Kamkar.
According to GM, OnStar has fielded some one billion customer requests since it was launched 19 years ago. The service has a subscriber base of over 7 million people and GM fields a call from them at an average of one every two seconds.
Kamkar described his YouTube demonstration as a sneak peek and promised more details on the exploit and other car-related attacks and tools over the coming weeks at the DEF CON security conference and other venues.
Kamkar’s exploit is the second one targeted at smart cars in recent days. Earlier this month, noted car hackers Charlie Miller and Chris Valasek demonstrated how attackers could take complete remote control of a Jeep Cherokee’s braking, steering, and other critical systems through the vehicle’s entertainment system.
As part of the demonstration, the two hackers showed how they could kill the Jeep’s transmission remotely from 10 miles away while the vehicle was traveling at 70 miles per hour, causing the accelerator to stop working. The two hackers also disabled the vehicle’s brakes and toyed with the vehicle’s air conditioning, entertainment, and wiper systems to show how an attacker could take complete control of many critical functions of the vehicle by gaining access to its entertainment system.
The unnerving demonstration quickly prompted Fiat Chrysler Automobiles to issue a recall of some 1.4 million vehicles—covering seven vehicle models–equipped with certain radios. The company also implemented fresh network-level security measures to prevent the sort of remote manipulation that was demonstrated by the two hackers.
Chrysler described the attack as one requiring very sophisticated hacking skills and a highly detailed technical knowledge. But it was enough to stir major concerns among lawmakers and other car manufactures as well.
Kamkar’s demonstration is almost certain to fuel those concerns ever further and prompt closer scrutiny of the measures that major automakers are taking to protect modern, highly connected vehicle against remote attacks.
Concerns over car hacking are not new. Dramatic as the latest demonstrations by Kamkar, Miller, and Valasek have been, there were several others in recent years that have highlighted similar weaknesses.
In 2013, for instance, Miller and Valasek themselves demonstrated how attackers could remotely send malicious commands to a vehicle’s electronic control unit and cause problems with its braking, acceleration, steering, and tire pressure systems.
Concerns spawned by that demonstration prompted Sen. Edward Markey (D-MA) to send a letter to the CEOs of 20 major automakers asking for information on potential vulnerabilities in their vehicles to hacker attacks.
The responses from the automakers showed that 100 percent of modern vehicles are equipped with wireless technologies that are vulnerable to security and privacy intrusions, Markey’s office said in a report released earlier this year. The responses also showed that most automakers are unaware or unable to report on past hacking incidents and had inconsistent or haphazard measures for preventing remote access to vehicle electronics.
Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year … View Full Bio