DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 18, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 180 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

GM OnStar car security system gets owned

Posted on Thursday, July 30 2015 @ 22:06:06 CEST by


It seems cars are becoming the big new thing for security researchers. Last week there was a huge story about a vulnerability in the Fiat Chrysler Uconnect technology that resulted in the recall of 1.4 million vehicles and now security expert Samy Kamkar discloses a vulnerability in the OnStar communications system from GM. OnStar links your vehicle to your smartphone and offers features like turn-by-turn navigation, hands free calling, remote diagnostics, stolen vehicle tracking, ignition blocks in case of theft, automatic crash response, remote unlocking, etc.

The hacking tool is based on a Raspberry Pi computer and it costs under $100 to assemble. Called the "Ownstar", the kit is able to locate, unlock and remote start any GM vehicle with OnStar RemoteLink. All that is needed is the planting of a cheap, homemade WiFi hotspot device somewhere on the car's body. Once that's done, hackers can intercept communication between the RemoteLink mobile app and the OnStar servers via a man-in-the-middle attack and connect to the car over a 2G cellular connection.
When the driver comes within Wi-Fi range of Kamkar’s $100 contraption, which he’s named “OwnStar” in a reference for the hacker jargon to “own” or control a system, it impersonates a familiar Wi-Fi network to trick the user’s phone into silently connecting. (Modern smartphones constantly probe for known networks, so the trade-paperback-sized box, packed with three radios and a Raspberry Pi computer, can listen for and then impersonate a friendly network, or by default call itself “attwifi” to appear as a common Starbucks connection.) If the user launches their GM RemoteLink Android or iOS app while their phone’s within Wi-fi range and unwittingly connected, OwnStar is designed to exploit a vulnerability in GM’s app to steal the user’s credentials and send that data over a 2G cellular connection to the hacker. “As soon as you’re on my network and you open the app, I’ve taken over,” Kamkar says.
GM is reportedly working on a fix.



Source: Wired



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba