After the Fiat-Chrysler uConnect vulnerability it is now GM that has to fix a certain security flaw in their OnStar system. In contrast to the uConnect hack, this exploit takes place using a flaw in the RemoteLink mobile phone companion app of OnStar. The researcher Samy Kamkar uses a self-built device called OwnStar to get access to the user’s credentials by using a combination of wifi spoofing and man-in-the-middle attack.
The book-sized gadget he developed, which he calls “OwnStar” in a reference to the hacker term to “own” or gain control of a target computer, is designed to be hidden under the chassis or bumper of a GM vehicle the attacker is targeting. When the car’s owner uses the OnStar RemoteLink app within Wi-fi range of the car, OwnStar exploited an authentication flaw in the app to intercept the user’s credentials and send them wirelessly to the hacker.
“If I can intercept that communication, I can take full control and behave as the user indefinitely,” says Kamkar, a well-known security researcher and freelance developer. “From then on I can geolocate your car, go up to it and unlock it, and use all the functionalities that the RemoteLink software offers.”
Thankfully, GM seems to have resolved the problem with a change to its server software and update to its OnStar RemoteLink iOS app. Kamkar is scheduled to talk in detail about his hack at this year’s DefCon conference.