GM Onstar also vulnerable to haxtors

Posted: Fri Jul 31, 2015 9:33 am
by wvjohn
http://www.engadget.com/2015/07/30/onst ... -GM-fixed/
OnStar hack remotely starts cars, GM working on a fix

Hacker Samy Kamkar unveiled his latest triumph this morning: OwnStar, a tiny box that acts as a Wi-Fi hotspot and intercepts commands sent from a driver's OnStar RemoteLink app, allowing an unauthorized user to locate, unlock or start the vehicle. Simply place the box somewhere in an OnStar-connected car and wait for the driver to start up the RemoteLink app within range of the vehicle. The driver's smartphone should automatically connect to OwnStar's network and, voila, the hacker now has all of the car owner's information (email, home address, final four digits on a credit card plus expiration date), and control of the car. GM has already issued one patch this morning aimed at securing the RemoteLink app, but it was unsuccessful, according to Kamkar.

Kamkar never intended to wreak havoc with OwnStar, he said in an interview with Wired. He wanted to expose a vulnerability in the OnStar app and help GM fix it -- and it seems as if that's precisely what's happening. GM is working to patch the RemoteLink bug now and Kamkar says he's in contact with the company as they fix it. He plans to reveal more technical details about OwnStar at Defcon 2015, which runs from August 6th to the 9th in Las Vegas.

This is the second major car-based hack to surface this month. On July 24th, Fiat Chrysler issued a voluntary recall of 1.4 million US vehicles with certain touchscreen entertainment systems, after Wired reported that it was possible to remotely cut the engine, disable and activate the brakes, and track the location of these cars.

Posted: Fri Jul 31, 2015 11:10 am
by FlyingPenguin
I have always believed OnStar was vulnerable. It has also been revealed in court documents that they can listen to you over OnStar without your knowledge under court order. Or bored OnStar techs presumably.

One reason why I bought my wife a Lincoln instead of a Caddy 2 years ago. The Lincoln pulls satellite data for traffic & weather, but it's not connected to a cell network.

Cellular links like OnStar and what Chrysler uses are just not needed in this day and age when we all have smart phones.

Posted: Fri Jul 31, 2015 12:36 pm
by Err
I've always been suspicious of OnStar ever since I saw the commercial that demonstrated how they could unlock your car if you left your keys inside. These cellular systems need to be totally separate from the main computer.

Posted: Fri Jul 31, 2015 5:49 pm
by Pugsley
but but but... then you could not see what's playing on the radio displayed on the dash!

Posted: Fri Jul 31, 2015 8:16 pm
by renovation
The cost of On-Star is crazy, plus I got pissed off when they automatically withdraw the next year's payments from your account. They don't forewarn you. I know this for a fact; it cost me an overdraft fee. It just happened at the wrong time. What pissed me off even more was the dealer didn't inform us that they activated On-Star using the credit history we gave them when we bought the new car. This was when wife leased our first car that had it installed on it. We make sure now that won't happen again. Was I pissed too, but it was about 10 1/2 to 11 months after we owned the car. Kind of hard to remember whether or not she approved the credit use. It also could have been in the fine print of the contract she signed at the time.
But we always make sure it's not now.