Last week Fiat Chrysler issued a massive voluntary recall of 1.4 million US vehicles after Wired showed it was possible to hack into the vehicles’ wireless systems and take control remotely.
This week another hacker, Samy Kamkar, has demonstrated a flaw in General Motors’ OnStar emergency assistance system.
Kamkar has developed a little box of tricks dubbed OwnStar, essentially a wi-fi hotspot that is placed near an OnStar-connected vehicle and intercepts commands from the driver’s OnStar RemoteLink app.
As soon as the driver connects their phone to the car, OwnStar gives the hacker access to the driver’s/account holder’s personal and credit card information and control of the car.
Once the vulnerability was exposed, GM issued a patch for RemoteLink, but it didn’t work. Kamkar claims he exposed the problem to help find a solution, and that he his working with GM to do so. He plans to reveal details of how OwnStar works at Defcon in August.
OnStar launched in the US in 1996 and earlier this week marked 1 billion customer interactions. It started as an alert service to the relevant services in case of an emergency. OnStar operators were typically alerted when an airbag went off, the system giving the car’s GPS locations. Since the app was introduced, users can operate various functions via their smartphone, while operators have the ability to remotely start or shut down an OnStar-connected car.
OnStar launches in Europe, including the UK, in August. It’s unclear whether OwnStar would work with GM’s European products; presumably the fix for RemoteLink will be applied globally, anyway.
By Only Motors