As modern vehicles become connected they also become vulnerable to attacks from hackers. Only recently it was demonstrated how hackers can remotely gain access to a Jeep and run it into a ditch even while being miles away from the car. Hacker Samy Kamkar has discovered a vulnerability in OnStar which can allow hackers to remote unlock and start the car.
Kamkar developed OwnStar which is a little box which doubles as a Wi-Fi hotspot to intercept commands sent by a driver’s OnStar RemoteLink app thus allowing an unauthorized user to track, unlock and start the car.
For this to work the OwnStar box has to be placed inside the OnStar-connected car and one the driver fires up the RemoteLink app when in range of the vehicle the device would automatically connected to OwnStar’s network and thus provide it with information such as home address, email address, last four digits on a credit card with expiry date and even the ability to start the car.
Kamkar says he never intended to use OwnStar for nefarious purposes, he made this just to expose a vulnerability in the OnStar app and help GM come up with a fix for it.
GM is now working to patch the RemoteLink vulnerability and Kamkar is in contact with the company during the process. The hacker will reveal some technical details about OwnStar at Defcon 2015 which kicks off in the first week of August.