Slashdot Mirror

← Back to Stories (view on slashdot.org)

GM Performs Stealth Update To Fix Security Bug In OnStar

Posted by timothy on from the just-trust-us dept.

An anonymous reader writes: Back in 2010, long before the Jeep Cherokee thing, some university researchers demonstrated remote car takeover via cellular (old story here). A new Wired article reveals that this was actually a complete exploit of the OnStar system (and was the same one used in that 60 Minutes car hacking episode last year). Moreover, these cars stayed vulnerable for years -- until 2014, when GM created a remote update capability and secretly started pushing updates to all the affected cars.

3 of 91 comments (clear)

  1. Re:The only fix... by cayenne8 · · Score: 3, Interesting

    The only fix for the security problems with Onstar and any similar system is total removal of the hardware and software!!!!!

    Or at least the car manufacturers should give the purchaser the OPTION on whether to have this hardware/software installed or not.

    It used to be an "option"...why did it become now a standard fixture. Sadly it seems these systems are so integrated now, you can't keep the car functioning without them.

    It should be a modular thing that you can request to have or not have....

    Are there any good ways to disable OnStar and the Uconnect apps, and prevent them from communicating wirelessly at least?

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
  2. This is not reassuring by beschra · · Score: 5, Interesting

    From GM chief product cybersecurity officer Jeff Massimilla:

    “We were able to find a way to deliver over-the-air updates on a system that was not necessarily designed to do so.”

    They hacked it so they could hack it. I'm glad GM has my back.

    --
    It is unwise to ascribe motive
  3. How does a consumer test for the vulnerability? by ShaunC · · Score: 4, Interesting

    As someone who drives a GM car that came with an OnStar antenna, a rearview mirror full of OnStar buttons, and an OnStar free trial... How do I determine whether or not my car is vulnerable? Whether it received the patch? Which generation of OnStar my car has?

    I haven't had anything to do with OnStar since I was driving down the interstate and suddenly received a loud and unexpected phone call from a fucking OnStar telemarketer. My trial, which came with the car and which I hadn't used, was about to expire, so they decided to make a sales call. To my car. While I was driving. Out of nowhere, the car muted the radio, made some very loud dinging noises, and started blasting an unknown woman's voice over the stereo system while I was driving down the highway. She's asking me if I want to sign up for OnStar at such and such monthly rate. I have never been so distracted by anything while behind the wheel of a car, and vowed never to use any OnStar service again.

    I'd just like to know whether or not the OnStar in my car, which I had hoped was disabled after not paying for it, will attempt to kill me again.

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!