Friday, 31 July 2015

Hacker locates, unlocks GM OnStar-equipped vehicle


Samy Kamkar’s OwnStar WiFi device used in the hack
Credit: Julian Berman/Samy Kamkar/Wired

You may recall last year a Tesla Model S was hacked in a competition at SyScan360 in Beijing.

More recently, a hack effecting Fiat Chrysler vehicles, resulted in a recall of 1.4 million vehicles.

That article mentioned that vehicles from other manufacturers remained an unknown quantity.

Now, a hack has been demonstrated on an OnStar-equipped General Motors vehicle. It is a man-in-the-middle attack on a vulnerability in the OnStar phone app. As a work-around, until GM releases a fix, the hack can be defeated by uninstalling the OnStar phone app.

It is different to the Fiat Chrysler hack in a number of other ways, including:
● no danger to human life
● limited functionality available to the hacker
● requires the OwnStar WiFi connected device (image above) close to, or attached to the target vehicle

Good news
● requires an OwnStar device close to, or attached to the target vehicle
● device is relatively large, which reduces deployability
● threat is limited to nuisance (sounding horn or alarm), or theft of property from the car
● no evidence of threat to life (unlike Fiat Chrysler hack)
● engine can only be run briefly, one time, unless the vehicle key is present
● vehicle can’t be moved by this method
● can be defeated by uninstalling OnStar app from phone

Bad news
● this hack was developed with many fewer resources than the Fiat Chrysler hack (single hacker, just a few weeks of effort, much less expense)
● device is relatively large, but, since it is a prototype, a smaller, more easily deployed version is certainly possible
● uncertainty over whether this vulnerability has been successfully patched at this time

http://www.wired.com/2015/07/gadget-hacks-gm-cars-locate-unlock-start/?mbid=nl_73015

http://www.reuters.com/article/2015/07/30/us-gm-hacking-idUSKCN0Q42FI20150730

http://www.cnet.com/au/news/ownstar-onstar-hack/ / token General Motors GM WIRED fixed the vulnerability Kamkar’s proof-of-concept device exploited exploit OnStar users problem is not yet resolved GM company is still working on it GM’s Onstar service features any connected car locate the vehicle unlock it start its ignition Google Android Apple iOS iPhone smart phone smartphone app hacker Samy Kamkar hidden small $100 box OnStar equipped car truck vehicle conveniences unintended hands consequences DefCon hacker conference Kamkar plans present details new attack GM’s OnStar RemoteLink system develop developed allow hacker track target vehicle unlock it trigger horn alarm start its engine put the car in gear drive it away function requires presence driver’s key fob token Kamkar’s hacker can plant cheap homemade Wi-Fi hotspot device car’s body under bumper chassis capture commands sent user’s smartphone results vulnerable vehicle owners could range nasty pranks privacy breaches theft intercept that communication take full control user indefinitely Kamkar well-known security researcher freelance developer geolocate your car unlock it function functionalities RemoteLink software within Wi-Fi range OwnStar hacker jargon own control a system impersonates familiar Wi-Fi network trick user’s phone silently connecting modern smartphones constantly probe known networks paperback-sized box three radios Raspberry Pi computer listen for impersonate friendly network default attwifi appear common Starbucks connection user launches GM RemoteLink Android iOS app phone’s within Wi-fi range connected OwnStar designed exploit vulnerability GM’s app steal user’s credentials send data 2G cellular connection hacker my network open the app user’s RemoteLink login credentials hacker patiently track a car retrieve hacking device unlock car’s doors steal anything inside across the Internet start the vehicle’s ignition use horn alarm access user’s name email home address last four digits credit card number expiration date accessible OnStar account Kamkar demonstrates attack tested attack 2013 Chevy Volt works with any RemoteLink-enabled vehicle takes advantage authentication problem OnStar smartphone app vulnerability specific to any vehicle installed million Android devices Google’s Play store app use SSL encryption doesn’t properly check certificate ensures user’s phone communicating only OnStar server OwnStar deviceman-in-the-middle attack impersonating server intercept user’s data GM Onstar fix the problem, simple update RemoteLink app company’s security team working on a patch Kamkar’s hack enhanced security potential threats arise GM Product Cybersecurity representatives reviewed potential vulnerability immediate fix being implemented address this concern GM vehicles larger problem cars being vulnerable digital attackers devices internet of things computerized networked lack of security pay more attention devices connected smart proof of concept car hacking Black Hat DefCon hacker conference most interesting security research vehicles vulnerabilities /