Hackers have now cracked the codes to your car. On Thursday, "white hat" hacker Samy Kamkar revealed in a video that he had created a gadget for just $100 that gains him access to any GM vehicle equipped with the OnStar system. He calls it OwnStar and it presents a clear and present danger to connected smart cars. What can it do? Basically everything OnStar does like locate the vehicle, open it, and remotely start the engine.
The security flaw can be exploited this way: the gadget Samy Kamkar made must first be attached on the targeted car. And then, when the driver opens the OnStar app and is within the Wi-Fi range of the device, then the signal is now intercepted and control granted to the OwnStar user. The hack happens as OwnStar gets credentials from the OnStar service itself and is granted indefinite access.
More details on this dangerous security flaw will be presented at next week's Defcon security conference.
The GM OnStar hack is the latest in a string of security flaws discovered on connected cars. Wired published a report last week on two hackers, Charlie Miller and Chris Valasek, and how they were able to get around the Uconnect feature of Chrysler cars. They said that there is a vulnerability in the system that allows an attacker to know the car's IP address for unauthorized access from anywhere within the country. In their demonstration, they were able to take over the dashboard, steering, transmission, and brakes of a Jeep Cherokee-all the while the driver was in the car and on the road.
This unprecedented event prompted Chrysler to recall 1.4 million vehicles. While the recall does not involve the actual bringing in of vehicles from their owners, a USB with updates will be sent to them for updating on their vehicles' USB ports.
