Researcher says can hack GM's OnStar app, open vehicle, start engine

Reuters

Published Jul 30, 2015 06:12PM ET

By Jim Finkle and Bernie Woodall

BOSTON/DETROIT (Reuters) - A researcher is advising drivers not to use a mobile app for General Motors Co's (N:GM) OnStar vehicle communications system, saying hackers can exploit a security flaw in the product to unlock cars and start engines remotely.

"White-hat" hacker Samy Kamkar posted a video on Thursday saying he had figured out a way to "locate, unlock and remote-start" vehicles by intercepting communications between the OnStar RemoteLink mobile app and the OnStar service.

Kamkar said he plans to provide technical details on the hack next week in Las Vegas at the Def Con conference, where tens of thousands of hacking aficionados will gather to learn about new cybersecurity vulnerabilities.

Kamkar released the video a week after Fiat Chrysler Automobiles (N:FCAU) (MI:FCHA) recalled some 1.4 million vehicles after hacking experts demonstrated a more serious vulnerability in the Jeep Cherokee. That bug allowed them to gain remote control of a Jeep traveling at 70 miles per hour on a public highway.

GM spokesman Terrence Rhadigan told Reuters via email that the company was preparing an update to the RemoteLink app that would address the vulnerability. "It's days away," Rhadigan said.

When asked via email if it was safe to use the app before an update is released, Rhadigan said: "We believe the chances of replicating this demonstration in the real world are unlikely. In addition, the action involves one user at a time, and would impact only that specific user's account."

The issue drew the attention of U.S. safety regulators from the National Highway Traffic Safety Administration.

Agency representatives discussed the issue with GM officials, who said the flaw could involve doors and engine start-stop but does not involve other critical safety systems, according to a person familiar with those discussions.

The agency responded by making some suggestions, including disabling the app's function until customers perform the update, according to the person.

More than 3 million people have downloaded the OnStar RemoteLink mobile app for Apple (O:AAPL) iOS and Google Inc (O:GOOGL) devices, according to OnStar's website.
