Talk about the Chrysler hack has yet to die down and another automotive breach is already making headlines. Security researcher Samy Kamkar has hacked General Motors’ (GM) OnStar in-vehicle system.
Kamkar posted a YouTube video revealing what he calls “OwnStar,” a device that intercepts GM’s OnStar Remote Link mobile app. He claims OwnStar can locate, unlock and even remotely start cars that come equipped with the system.
“GM told Wired that OnStar bug was fixed, however it's not actually resolved yet. I spoke with GM & they're working on it now,” Kamkar said today via his Twitter account. GM could not immediately be reached for comment and has not released a public statement as of this afternoon.
Car Hacking Trends
Earlier this month, a security flaw was discovered in the Jeep’s Cherokee’s Connect vehicle-connectivity system. Two white hat hackers -- Charlie Miller and Chris Valise -- tapped into the flaw while a reporter drove the vehicle down the highway.
The hackers successfully -- and remotely -- turned up the radio as loud as it would go and turned on the windshield wipers. If that seems fairly benign, wait until you hear this: They also cut off the transmission and disconnected the brakes. The Jeep ended up in a ditch.
It took a year for Miller and Valise to figure out a way to exploit the vulnerability. The duo will share how they did it at the Black Hat security conference in Las Vegas in August, but the short story is the flaw allowed them to inject malware into the system for remote control.
Fiat Chrysler issued a software patch, followed by a voluntary safety recall to update software in about 1.4 million U.S. vehicles. On top of the recall, Fiat Chrysler has also applied network-level security measures to prevent this type of remote manipulation in the future.
Ken Westin, senior security analyst for advanced threat protection firm Tripwire, told us over the years the goal of manufacturers has been to build safe and reliable vehicles. To be competitive, every automaker understands its brand has to be known for safety and reliability.
“With increasingly connected and high-tech components being added to these vehicles, they will need to add security to the mix in order to retain their brand integrity,” Westin said. “You can develop the most advanced vehicle that has all of the latest safety features and high-tech gadgets in it, but if it can be bricked by remote exploits, you are going to have wary consumers who may choose the next brand of vehicle because they put more emphasis on security.”
The automotive industry is aware of the importance of security, which is why car makers are not only working with researchers, but also with each other to help develop standards and best practices for more secure vehicles, Westin said.
Image credit: General Motors.