Hacker Uses OnStar App To Gain Access To GM Vehicles
After last week’s high-profile hack of a Jeep Cherokee from more than 10 miles away, car owners and manufacturers are on edge. Congress has started making moves to require safeguards on new cars to prevent hacking, but that doesn’t help cars that are already on the road. Today a hacker has stepped forward who claims to have the technology to hack a GM vehicle equipped with OnStar, and the automaker is taking swift action.
Samy Kamkar, a security researcher who posts regularly to his Applied Hacking series on YouTube, posted a video demonstrating the tool he created, called OwnStar. Check it out below.
OwnStar is a device that is able to locate, unlock, and remotely start a vehicle equipped with those OnStar capabilities by intercepting data from the mobile app many subscribers use on their phones. When sitting near a vehicle owner on their app, OwnStar goes to work to gain access to the vehicle. It takes all the data being sent from the app and uses it to acquire the credentials needed to access that unique car. From there, it’s easy for Kamkar to find his new car, unlock it, and start it remotely to drive away.
Once Kamkar has access using OwnStar, he has that access for the foreseeable future. His advice to current OnStar users is to refrain from using the app on their phones until GM issues a fix. According to Kamkar, he is working with GM and they are taking the situation very seriously.
This is understandably alarming for GM owners, and GM is providing an app update to help stop hacks like this in the future. Kamkar says that the app still needs more updates to completely protect it, but the good news is that hackers will not be able to swipe your car’s information if you do not use the app. Stick to your keys until the problem is solved, and your car will be safe!
The News Wheel will continue to keep track of this developing story and let you know if there are further updates from General Motors.