Earlier this week, security technology researcher Samy Kamkar released a video of a device that he claimed allowed him to not only monitor but also intercept communications between the GM-OnStar RemoteLink app and the OnStar-equipped vehicle to which the app was connected.
Cleverly called OwnStar, the hack was confirmed to be legitimate by GM-OnStar. Using the OwnStar device, Kamkar could access all of the functions available to a user logged into the OnStar RemoteLink app, including locking and unlocking doors, activating the horn and lights, starting the engine, and even finding the exact location of the vehicle on the app’s built-in map.
But the hack isn’t as bad as it sounds. For instance, Kamkar couldn’t drive the car away after unlocking the doors without having the vehicle’s key or key fob, a security feature available in all General Motors vehicles. In addition, cars started remotely using Kamkar’s hack will automatically shut off after 10 minutes, and can only be started remotely twice until the owner physically enters the vehicle and starts it from the cabin. Both are examples of security measures already present in GM vehicles. However, allowing a stranger to track your vehicle’s exact location on a map and unlock its doors isn’t exactly the most comforting feeling.
The good news is that General Motors quickly issued a fix to its own systems, which Kamkar discovered was not enough to fully address the issue. GM confirmed this and, hours later, issued an update to the OnStar RemoteLink app on the iOS platform that addresses the issue. It also disabled all versions of RemoteLink susceptible to the hack.
The OwnStar device combines a basic computer called a Raspberry Pi with several wireless adapters, all housed in a protective case. Kamkar has not fully detailed the nature of the OwnStar hack. Instead, he’s waiting to reveal details at the annual Defcon hacker conference in Las Vegas, Nevada.
OnStar is a wholly owned subsidiary of General Motors (GM Holdings LLC) providing automotive telematics services. The service launched in 1996 and provides in-vehicle safety, security and connectivity services in Chevrolet, Cadillac, Buick-GMC, and Opel-Vauxhall vehicles, including Automatic Crash Response, Stolen Vehicle Assistance, Turn-by-Turn Navigation, the RemoteLink mobile app, and a 4G LTE-based in-vehicle Wi-Fi hotspot. In 2015, OnStar recorded its 1 billionth customer interaction and topped more than 1 million 4G LTE Wi-Fi-equipped vehicles.