OwnStar
Latest
OwnStar car hacker can remotely unlock BMWs, Benz and Chrysler
Last month security researcher Samy Kamkar announced a vulnerability that allowed him to remotely unlock OnStar-enabled GM cars. While that issue has been fixed, it looks like the same vulnerability found in OnStar is also present in BMW Remote, Mercedes' mbrace and Chrysler's Uconnect. Kamkar told Engadget via email, "the issue itself is the same exact SSL certificate issue that affected OnStar/GM (which they've resolved two weeks ago). It was barely any tweaking of the original system -- a few lines of code to add support per vehicle." Uh oh.
OnStar hack remotely starts cars, GM working on a fix
Hacker Samy Kamkar unveiled his latest triumph this morning: OwnStar, a tiny box that acts as a Wi-Fi hotspot and intercepts commands sent from a driver's OnStar RemoteLink app, allowing an unauthorized user to locate, unlock or start the vehicle. Simply place the box somewhere in an OnStar-connected car and wait for the driver to start up the RemoteLink app within range of the vehicle. The driver's smartphone should automatically connect to OwnStar's network and, voila, the hacker now has all of the car owner's information (email, home address, final four digits on a credit card plus expiration date), and control of the car. GM has already issued one patch this morning aimed at securing the RemoteLink app, but it was unsuccessful, according to Kamkar.
