OnStar Is Vulnerable To Hackers, Too: Here's What You Can Do To Protect Your Car

August 5, 2015

A couple of weeks ago, two hackers made headlines when they wreaked havoc on a Jeep Grand Cherokee by exploiting a weakness in the vehicle's Uconnect telematics system. (Jeep's parent company, Fiat Chrysler Automobiles, subsequently issued a recall to patch the security hole.) 

But as we pointed out, Uconnect wasn't the hackers' only viable target, it was just the easiest one. In fact, General Motors' OnStar system has its share of flaws, too, and fixing them has been an ongoing process.

ALSO SEE: Ford F-150 Vs. Ram 1500: Compare Trucks

To do so, it's been working with good-guy hacker Samy Kamkar. As you can see from Kamkar's video above, he's not only identified security problems associated with OnStar, he's also found ways for consumers to keep their vehicles safe.

PROBLEMS & SOLUTIONS

To its credit, OnStar has quickly taken steps to harden security on its network, minimizing the potential for foul play. But Kamkar has still been able to use his self-engineered hardware (which he calls "OwnStar") to take control of GM vehicles using OnStar's RemoteLink mobile app.

The good news for OnStar subscribers is that in order for Kamkar's hack to work, he has to be fairly close to someone who's using the RemoteLink app.

READ: Toyota Chooses Not To Offer Apple's CarPlay Or Google's Android Auto: Dumbest Move Ever?

The bad news is that, once Kamkar finds a nearby user, he's able to gain indefinite control of certain elements of the target vehicle, including locating, unlocking, and starting it. And because he's essentially tapping in through the RemoteLink app, Kamkar can control vehicles from halfway around the globe.

The one thing that Kamkar hasn't been able to do is drive away in a hacked vehicle. To do that, he'd need the vehicle's key fob, which his code can't mimic -- at least not yet.

Though it's unlikely that most motorists will be the victims of this kind of hack, Kamkar suggests that OnStar subscribers avoid opening the RemoteLink app until OnStar releases an update. The National Highway Traffic Safety Administration has gone a step further, suggesting that GM disable the OnStar app until a fix is issued.

Kamkar will discuss his findings at the DefCon security conference, which kicks off tomorrow in Las Vegas.

___________________________________________

Follow The Car Connection on FacebookTwitter and Google+.

2017
The Car Connection
See the winners »
2017
The Car Connection
 
The Car Connection Daily Headlines
I agree to receive emails from the site. I can withdraw my consent at any time by unsubscribing.
Thank you! Please check your email for confirmation.
Ratings and Reviews
Rate and review your car for The Car Connection
Review your car