Fresh Hack Shows How Vulnerable Modern Cars Are

© Flickr / Dennis SkleyA hacker
A hacker - Sputnik International
Subscribe
Ever been afraid of someone else taking control of your precious automobile’s systems and driving you into some trouble? Fear more, there is a fresh hack which allows GM vehicles to be unlocked and remotely controlled by a third party without even asking you.

In a recent YouTube video a security researcher, or rather, as he calls himself, a whistleblower and hacker, Samy Kamkar, demonstrates how easily GM’s cars are accessible by practically anyone — simply through a mobile app breach.

An electronic dashboard of a 2015 Jeep Grand Cherokee is pictured on a car dealership in New Jersey, July 24, 2015 - Sputnik International
Recent Fiat and Chrysler Hack ‘Tip of the Iceberg’ - US Senator
He constructed a simple device which allows to hack GM official OnStar in-vehicle service’s mobile app, bringing any car equipped with the service under full control. And all this without necessarily asking any permission.

The hand-made device Kamkar labels OwnStar intercepts communication between the Remote Link mobile app and the in-vehicle service. A device acquires all the necessary credentials for locating, unlocking and controlling the car’s engine by sending specially produced data packages. Samy Kamkar said both GM and its onboard system developer OneStar have been receptive to him and immediately started finding a solution to the security issue.

“Fortunately, the issue lies in the mobile software and is not a problem with the vehicles themselves,” Kamkar explained and suggested OneStar users not to use its mobile app until GM releases a software patch. GM, for its part, confirmed in a statement to Computerworld it has started to work on the problem.

“GM product cybersecurity representatives have reviewed the potential vulnerability recently identified. In working with the researcher, we moved quickly to secure our back-office system and reduce risk,” the message reads.

“However, further action is necessary on the RemoteLink app itself. We take all cyber matters seriously and an enhanced RemoteLink app will also be made available in app stores soon to fully mitigate the risk.”

The car system hack comes after Jeep Cherokee 2015 was easily taken under remote control using its cellular connection by IT security techs late last month, as Wired reported.

Fiat Chrysler, which owns the Jeep brand, immediately issued a voluntary safety recall on 1.4 million cars to update software that “insulates connected vehicles from remote manipulation,” Fiat Chrysler said in a statement.

The company said they had no other reports of vehicle hackings or injuries due to software exploitation. Car hackings occur as more vehicles come with electronic technology, which analysts and industry fear could be used to remotely crash cars.

Newsfeed
0
To participate in the discussion
log in or register
loader
Chats
Заголовок открываемого материала