Hacker Exposes OnStar Security Hole

 
OnStar RemoteLink App (Credit: General Motors)

This past week or so hasn’t been kind to American automakers and digital security. The bad news keeps rolling, this time for GM after a hacker exposed a big security hole in OnStar. The good news is the hacker is a white hat, meaning he didn’t make a bunch of GM owners crash or lock them out of their cars while demanding wads of cash. That doesn’t mean something like that can’t happen in the near future.


CNET broke the story of security researcher Samy Kamkar creating a device he calls OwnStar. It’s a cute name, but the hardware has the ability to see and intercept communications between any vehicle with OnStar and the OnStar RemoteLink app.

Fortunately, GM took the information seriously, creating a patch to fix the problem quickly. Unfortunately, it wasn’t enough. Kamkar and GM have both found that there’s still a vulnerability in any OnStar-equipped vehicle that won’t make anyone feel warm and fuzzy about having the technology.

Kamkar posted a video on YouTube of OwnStar in action. He was able to start up a GM vehicle’s engine remotely, activate the door locks and even pinpoint exactly where it was located. These aren’t things anyone wants an anonymous person who could be thousands of miles away doing.

People often are fearful of change, and this news along with the Fiat Chrysler hack is stirring up a lot of concern. Some are suggesting that having computers in cars is a mistake, although they probably don’t realize that would mean ditching fuel injection and other conveniences we take for granted these days. The real problem is that automakers have been too lax about cybersecurity. Cars are now part of the Internet of Things, and so they need the same kinds of protections found on iPhones, tablets and other devices.

Having someone hack your car while you’re driving down the highway at 75 mph is more concerning than having someone hack your phone. The fact is that there were limits to what Kamkar could do. He couldn’t shut off the engine with the transmission in gear. He couldn’t drive the vehicle remotely. Still, he’s exposed yet another big security risk associated with connected cars, demonstrating the need for better security in the immediate future.



  • Jay

    I may not be much of a techie but I do understand the basics and logic of physics.

    I’m appalled at the ignorance of those who actually think that some idiot can take control of their vehicle remotely and drive it. Unless your vehicle is equipped with the capability of parking itself you need not worry about someone being able to drive your car; it’s technically and mechanically impossible. Furthermore, those cars are equipped with sensors that can only take over once you stop the car and only drive at a snail’s pace while parking. They may be able to start or shut the engine and play with the power windows, locks and radio but they will never ever be able to drive a basic car remotely. It’s ignorance to the max of those who report it as such and those who believe it. Look at it this way: take two toy cars, one equipped to be driven remotely and the other just a plain simple toy car. Now try to drive the plain car with the remote from the remote control car. When you succeed, then you can believe all this bull.

    The stupidity of not having computers in our cars is absurd, if a computer does not have a receiver as in the case of fuel injection and other things in a vehicle where the computer is hard wired to the system and the only way to access it is with the plug in the car that is used when you take it to the dealer or to the auto parts stores, nobody will be able to access a hard wired system remotely. The toy car scenario once again.

    There is an old saying that goes something along the lines of “there’s a sucker born every minute” and evidently they are multiplying in droves.


