Hacker's Device Can Intercept OnStar's Mobile App and Unlock, Start GM Cars

Lucas123 writes: Security researcher Samy Kamkar posted a video today demonstrating a device he created that he calls OwnStar that can intercept communications between GM's RemoteLink mobile app and the OnStar cloud service in order to unlock and start an OnStar equipped car. Kamkar said that after a user opens the OnStar Remote Link app on his or her mobile phone "near the OwnStar device," OwnStar intercepts the communication and sends "data packets to the mobile device to acquire additional credentials. The OwnStar device then notifies the attacker about the new vehicle that the hacker has access to for an indefinite period of time, including its location, make and model. And at that point, the hacker can use the Remote Link app to control the vehicle. Kamkar said GM is aware of the security hole and is working on a fix.

Re:This Screams, get real computers in cars.

[sinij]

Seeing all these vulnerabiltieis pop up in all these cars, knowing how malware-ridden is typical user's GPC, you are asking for more GPC in cars?!?! What is wrong with you?!

If your grandma's AOL-connected computer gets infected, it will at most become a nameless bot zombie and a minor nuisance. On other hand, under similar scenario your grandma's networked car, probably with her screaming in terror until the bitter end, could realistically become a remotely controlled weapon and seriously ruin everybody's day. Just consider than only a couple of big accidents can pretty much shut down an entire urban highway system, the bar for extreme mayhem in this case is much, much lower.