DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
January 23, 2019 
Main Menu
News archives

Who's Online
There are currently 173 people online.


Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller

Follow us

GM OnStar car security system gets owned

Posted on Thursday, July 30 2015 @ 22:06:06 CEST by

It seems cars are becoming the big new thing for security researchers. Last week there was a huge story about a vulnerability in the Fiat Chrysler Uconnect technology that resulted in the recall of 1.4 million vehicles and now security expert Samy Kamkar discloses a vulnerability in the OnStar communications system from GM. OnStar links your vehicle to your smartphone and offers features like turn-by-turn navigation, hands free calling, remote diagnostics, stolen vehicle tracking, ignition blocks in case of theft, automatic crash response, remote unlocking, etc.

The hacking tool is based on a Raspberry Pi computer and it costs under $100 to assemble. Called the "Ownstar", the kit is able to locate, unlock and remote start any GM vehicle with OnStar RemoteLink. All that is needed is the planting of a cheap, homemade WiFi hotspot device somewhere on the car's body. Once that's done, hackers can intercept communication between the RemoteLink mobile app and the OnStar servers via a man-in-the-middle attack and connect to the car over a 2G cellular connection.
When the driver comes within Wi-Fi range of Kamkar’s $100 contraption, which he’s named “OwnStar” in a reference for the hacker jargon to “own” or control a system, it impersonates a familiar Wi-Fi network to trick the user’s phone into silently connecting. (Modern smartphones constantly probe for known networks, so the trade-paperback-sized box, packed with three radios and a Raspberry Pi computer, can listen for and then impersonate a friendly network, or by default call itself “attwifi” to appear as a common Starbucks connection.) If the user launches their GM RemoteLink Android or iOS app while their phone’s within Wi-fi range and unwittingly connected, OwnStar is designed to exploit a vulnerability in GM’s app to steal the user’s credentials and send that data over a 2G cellular connection to the hacker. “As soon as you’re on my network and you open the app, I’ve taken over,” Kamkar says.
GM is reportedly working on a fix.

Source: Wired



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba