Samy Kamkar’s OwnStar device can hack GM cars to unlock them and start enginesLimitations and mitigation
OwnStar is about the size of a Wi-Fi router and can break into GM’s OnStar System through any rogue Wi-Fi hotspot.
OnStar system is subscription-based communications, in-vehicle security, hands free calling, turn-by-turn navigation, and remote diagnostics systems used by GM vehicles throughout the United States, Canada, China and Mexico. A similar service is known as ChevyStar in Latin American markets (Except Mexico). When Kamkar’s ingenious OwnStar is used successfully to break into GM’s OnStar system, it lets a potential attacker do almost anything with the car that the OnStar officially does for the car owner. It can locate a vehicle remotely, unlock doors, or even start the engine. Kamkar will reveal the full details about the device and its workings during a presentation at DefCon next week. He has however, uploaded a YouTube video giving a glimpse of how OwnStar works.
For the hack to work, OwnStar box has to be physically attached to the body of the car. Only attaching it to the car body is not enough, it has to close enough to intercept communications from the driver’s phone. OwnStar takes over from here on and masquerades as the car’s own system and communicates with the OnStar app to harvest the driver’s credentials. Any potential attacker can then use those credentials to effectively mimic the app, giving orders to the car through the OnStar system. The hack is possible because the OnStar app doesn’t check for phony encryption certificates, allowing Kamkar’s device to easily take over the control of OnStar system.
Limitations and mitigation
OwnStar is awesome but for the hack to work, the hacker has to be able to physically attach it to the car as state above. Also GM can fix the vulnerability simply updating the Onstar app over-the-air. In other terms OwnStar may turn out to harmless for GM car owners so unlike Chrysler recall of 1.4 million cars last week, they dont have to visit GM service centers to get the hack fixed. Kamkar has notified GM about the vulnerability and the device details, and GM engineers should be working on a fix right now. The OTA update for OnStar should be on the way before the PoC is revealed by Kamkar at DefCon 2015.