Car hacking just jumped up a few levels. A security researcher has built a small device that can intercept the traffic from the OnStar RemoteLink mobile app and give him persistent access to a user’s vehicle to locate, unlock, and start it.
The device is called OwnStar and it’s the creation of Samy Kamkar, a security researcher and hardware hacker who makes a habit of finding clever ways around the security of various systems, including garage doors, wireless keyboards, and drones. His newest creation essentially allows him to take remote control of users’ vehicles simply by sending a few special packets to the OnStar service. The attack is a car thief’s dream.
Kamkar said that by standing near a user who has the RemoteLink mobile app open, he can use the OwnStar device to intercept requests from the app to the OnStar service. He can then take over control of the functions that RemoteLink handles, including unlocking and remotely starting the vehicle.
“After a user opens the RemoteLink mobile app on their phone near my OwnStar device, OwnStar intercepts the communications and sends specially crafted packets to the mobile device to acquire additional credentials then notifies me, the attacker, about the vehicle that I indefinitely have access to, including its location, make, and model,” Kamkar said in a video demonstrating the device.
Video: https://www.youtube.com/watch?v=3olXUbS-prU
OnStar is General Motors’ on-board vehicle security and communications service. It includes a wide variety of features, including remote diagnostics, emergency services, crash detection and response, and navigation. The RemoteLink mobile app allows users to control some of their vehicles’ functions from their phones, such as remotely starting or unlocking the car.
Kamkar said that the vulnerability is in the RemoteLink app and not in the cars.
“The issue lies in the mobile software and is not a problem with the vehicles themselves,” he said.
Kamkar plans to demonstrate the attack and reveal more of the details at DEF CON next week, along with some other vehicle attacks. He has been in contact with GM and said the automaker has been responsive to him, a rarity in the auto industry’s interactions with security researchers.
“GM and OnStar have so far been receptive to me and are already working quickly on a resolution to protect consumers,” he said.
Kamkar recommends that consumers not use the RemoteLink app until OnStar pushes out a patch for the bug.
The OwnStar attack comes just a week after security researchers Charlie Miller and Chris Valasek revealed details of vulnerabilities in some Chrysler vehicles that allowed the researchers to compromise the vehicles remotely and take control of their systems while the vehicles were being driven.