The hacking tool is based on a Raspberry Pi computer and costs under $100 to assemble. Called "OwnStar", the kit is able to locate, unlock and remote start any GM vehicle with OnStar RemoteLink. All that is needed is to plant the cheap, homemade Wi-Fi hotspot device somewhere on the car's body. Once that's done, hackers can intercept communication between the RemoteLink mobile app and the OnStar servers via a man-in-the-middle attack and connect to the car over a 2G cellular connection.
When the driver comes within Wi-Fi range of Kamkar’s $100 contraption, which he’s named “OwnStar” in a reference to the hacker jargon to “own” or control a system, it impersonates a familiar Wi-Fi network to trick the user’s phone into silently connecting. (Modern smartphones constantly probe for known networks, so the trade-paperback-sized box, packed with three radios and a Raspberry Pi computer, can listen for and then impersonate a friendly network, or by default call itself “attwifi” to appear as a common Starbucks connection.) If the user launches their GM RemoteLink Android or iOS app while their phone’s within Wi-Fi range and unwittingly connected, OwnStar is designed to exploit a vulnerability in GM’s app to steal the user’s credentials and send that data over a 2G cellular connection to the hacker. “As soon as you’re on my network and you open the app, I’ve taken over,” Kamkar says. GM is reportedly working on a fix.
Source: Wired