In a recent YouTube video a security researcher, or rather, as he calls himself, a whistleblower and hacker, Samy Kamkar, demonstrates how easily GM’s cars are accessible by practically anyone — simply through a mobile app breach.
The hand-made device Kamkar labels OwnStar intercepts communication between the Remote Link mobile app and the in-vehicle service. A device acquires all the necessary credentials for locating, unlocking and controlling the car’s engine by sending specially produced data packages. Samy Kamkar said both GM and its onboard system developer OneStar have been receptive to him and immediately started finding a solution to the security issue.
“Fortunately, the issue lies in the mobile software and is not a problem with the vehicles themselves,” Kamkar explained and suggested OneStar users not to use its mobile app until GM releases a software patch. GM, for its part, confirmed in a statement to Computerworld it has started to work on the problem.
“GM product cybersecurity representatives have reviewed the potential vulnerability recently identified. In working with the researcher, we moved quickly to secure our back-office system and reduce risk,” the message reads.
“However, further action is necessary on the RemoteLink app itself. We take all cyber matters seriously and an enhanced RemoteLink app will also be made available in app stores soon to fully mitigate the risk.”
The car system hack comes after Jeep Cherokee 2015 was easily taken under remote control using its cellular connection by IT security techs late last month, as Wired reported.
Fiat Chrysler, which owns the Jeep brand, immediately issued a voluntary safety recall on 1.4 million cars to update software that “insulates connected vehicles from remote manipulation,” Fiat Chrysler said in a statement.
The company said they had no other reports of vehicle hackings or injuries due to software exploitation. Car hackings occur as more vehicles come with electronic technology, which analysts and industry fear could be used to remotely crash cars.