A couple of weeks ago, two hackers made headlines when they wreaked havoc on a Jeep Grand Cherokee by exploiting a weakness in the vehicle's Uconnect telematics system. (Jeep's parent company, Fiat Chrysler Automobiles, subsequently issued a recall to patch the security hole.)
But as we pointed out, Uconnect wasn't the hackers' only viable target, it was just the easiest one. In fact, General Motors' OnStar system has its share of flaws, too, and fixing them has been an ongoing process.
ALSO SEE: Ford F-150 Vs. Ram 1500: Compare Trucks
To do so, it's been working with good-guy hacker Samy Kamkar. As you can see from Kamkar's video above, he's not only identified security problems associated with OnStar, he's also found ways for consumers to keep their vehicles safe.
PROBLEMS & SOLUTIONS
To its credit, OnStar has quickly taken steps to harden security on its network, minimizing the potential for foul play. But Kamkar has still been able to use his self-engineered hardware (which he calls "OwnStar") to take control of GM vehicles using OnStar's RemoteLink mobile app.
The good news for OnStar subscribers is that in order for Kamkar's hack to work, he has to be fairly close to someone who's using the RemoteLink app.
The bad news is that, once Kamkar finds a nearby user, he's able to gain indefinite control of certain elements of the target vehicle, including locating, unlocking, and starting it. And because he's essentially tapping in through the RemoteLink app, Kamkar can control vehicles from halfway around the globe.
The one thing that Kamkar hasn't been able to do is drive away in a hacked vehicle. To do that, he'd need the vehicle's key fob, which his code can't mimic -- at least not yet.
Though it's unlikely that most motorists will be the victims of this kind of hack, Kamkar suggests that OnStar subscribers avoid opening the RemoteLink app until OnStar releases an update. The National Highway Traffic Safety Administration has gone a step further, suggesting that GM disable the OnStar app until a fix is issued.
Kamkar will discuss his findings at the DefCon security conference, which kicks off tomorrow in Las Vegas.