OnStar hack remotely starts cars, GM working on a fix

0
297

Hacker Samy Kamkar unveiled his latest triumph this morning: OwnStar, a tiny box that acts as a Wi-Fi hotspot and intercepts commands sent from a driver’s OnStar RemoteLink app, allowing an unauthorized user to locate, unlock or start the vehicle. Simply place the box somewhere in an OnStar-connected car and wait for the driver to start up the RemoteLink app within range of the vehicle. The driver’s smartphone should automatically connect to OwnStar’s network and, voila , the hacker now has all of the car owner’s information (email, home address, final four digits on a credit card plus expiration date), and control of the car. GM has already issued one patch this morning aimed at securing the RemoteLink app, but it was unsuccessful, according to Kamkar . Kamkar never intended to wreak havok with OwnStar, he said in an interview with Wired . He wanted to expose a vulnerability in the OnStar app and help GM fix it — and it seems as if that’s precisely what’s happening. GM is working to patch the RemoteLink bug now and Kamkar says he’s in contact with the company as they fix it. Kamkar plans to reveal more technical details about OwnStar at Defcon 2015, which runs from August 6th to the 9th in Las Vegas. OwnStar update: GM told WIRED that OnStar bug was fixed, however it’s not actually resolved yet. I spoke with GM & they’re working on it now – Samy Kamkar (@samykamkar) July 30, 2015 This is the second major car-based hack to surface this month. On July 24th, Fiat Chrysler issued a voluntary recall of 1.4 million US vehicles with certain touchscreen entertainment systems, after Wired reported that it was possible to remotely cut the engine, disable and activate the brakes, and track the location of these cars. Filed under: Gaming , HD Comments Source: Wired , CNET

Read More:
OnStar hack remotely starts cars, GM working on a fix

LEAVE A REPLY

Please enter your comment!
Please enter your name here

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.