A researcher has issued a powerful warning to users of the General Motors mobile application OnStar – which links to the OnStar vehicle infotainment system – claiming malevolent hackers could use a newly found security flaw to disarm the protection of cars and start engines from a distance.
“White-hat” hacker Samy Kamkar showcased in a video posted on Thursday how he managed to find a way to “locate, unlock and remote-start” vehicles by tapping into the communications between the OnStar RemoteLink mobile app and the OnStar service, exploiting a security flaw in the process. Kamkar added that he would offer more technical details on the hack in Las Vegas next week during the Def Con conference, where tens of thousands of hacking aficionados and cybersecurity experts will converge and discuss newly found cybersecurity vulnerabilities. Kamkar showcased the video just a week after a Fiat Chrysler Automobiles Jeep with a similar vulnerability was taken over in a controlled test by two friendly hackers. The Italian-American company swiftly recalled around 1.4 million vehicles to address the serious vulnerability.
According to a GM spokesperson who talked to Reuters, the company was ready to deploy an update to the RemoteLink app that would close the security gap. “We believe the chances of replicating this demonstration in the real world are unlikely. In addition, the action involves one user at a time, and would impact only that specific user’s account,” the spokesperson said, commenting on the safety of consumers using the app before the update is installed.