GM's Onstar system offers features including the ability to locate the motor vehicle, unlock it, and start the engine, all of which you can do from an app using your smartphone. However, a man named Samy Kamkar, has recently developed a small $100 device that can easily hack into the car's Onstar system, if placed anywhere in the vehicle. Next week, during the DefCon hacker conference in Las Vegas Nevada, August 6 to 9, Kamkar plans to show the details of the new device that he's developed, which can allow a hacker to track a target vehicle, effortlessly unlock it, trigger the alarm, start the engine, or even cause a car accident.
“As soon as you’re on my network and you open the app, I’ve taken over,” Kamkar says.
Luckily for GM car owners, the device can do almost everything except for putting the car in gear and driving away. GM cars still require the key to be in the ignition for you to do so. So far, Kamkar has shown that if a hacker were to attatch the device somewhere on the vehcile's body, such as the a bumper or the chasis, the device can intercept and capture commands sent from the user's smartphone. This can ultimately lead to a variety of incidents ranging from privacy breaches to theft.
“If I can intercept that communication, I can take full control and behave as the user indefinitely,” says Kamkar, a well-known security researcher and freelance developer. “From then on I can locate your car, go up to it and unlock it, and use all the functionalities that the RemoteLink software offers.”
Once the driver comes within range of Kamkar's device, it impersonates a familiar Wi-Fi network, in order to trick the phone to connecting to it. Smartphones nowadays are constantly searching for available known networks to connect to. For example, Kamkar can name his network “attwifi” so that it appears and is recognized as a common Starbucks connection. If the owner of the vehicle opens the Onstar app while within Wi-Fi range of the device, it is designed to exploit a vulnerability in GM's app in order to steal the user's credentials and send them to the hacker. Kamkar has said that once a hacker recieve's the car owner's credentials, they can cause havok from anywhere across the internet. A hacker could potentially run the vehicle's ignition to drain the gas, or even fill a garage with carbon monoxide.
If you have been injured in a car or motorcycle accident, contact an attorney at The Michigan Law Firm, PLLC. Our accident lawyers specialize in all types of auto accident cases. Call us today for a free consultation at 844.4MI.FIRM.