GM Performs Stealth Update To Fix Security Bug In OnStar

Posted by timothy on Thursday September 10, 2015 @04:52AM from the just-trust-us dept.

An anonymous reader writes: Back in 2010, long before the Jeep Cherokee thing, some university researchers demonstrated remote car takeover via cellular (old story here). A new Wired article reveals that this was actually a complete exploit of the OnStar system (and was the same one used in that 60 Minutes car hacking episode last year). Moreover, these cars stayed vulnerable for years -- until 2014, when GM created a remote update capability and secretly started pushing updates to all the affected cars.

2 of 91 comments (clear)

Min score:

Reason:

Sort:

The only fix... by Anonymous Coward · 2015-09-10 04:58 · Score: 5, Insightful

The only fix for the security problems with Onstar and any similar system is total removal of the hardware and software!!!!!
This is not reassuring by beschra · 2015-09-10 05:34 · Score: 5, Interesting

From GM chief product cybersecurity officer Jeff Massimilla:

“We were able to find a way to deliver over-the-air updates on a system that was not necessarily designed to do so.”
They hacked it so they could hack it. I'm glad GM has my back.

--
It is unwise to ascribe motive