Another day, another security flaw found in a connected car.
On Thursday, a hacker named Samy Kamkar revealed a gadget that he claims enables the takeover of any GM vehicle with the OnStar system.
The gadget, which Kamkar cleverly called the OwnStar system, allows a hacker to basically do exactly what the OnStar system does. A hacker can locate, unlock, and start the car using the gadget.
However, in order for the device to work, a hacker must first place a small wireless device somewhere on the car it wishes to breach.
Once the vehicle comes within WiFi range of Kamkar’s device, which he built for about $100, he is capable of gaining access to the car.
Kamkar posted a video on Thursday that showed how the device works, but he plans to reveal more details how the hack works at the big security conference Defcon next week.
The security flaw lies in the mobile software, Kamkar said in the video. It works by basically intercepting communication after the OnStar user opens the app. The OwnStar device gains the user’s credential and notifies the OwnStar user that they now have indefinite access to the vehicle.
A GM spokesperson told Tech Insider that a fix has already been implemented.
"GM Product Cybersecurity representatives have reviewed the potential vulnerability recently identified by Mr. Kamkar, and a fix has already been implemented to address this concern. No additional action is required by our customers," the spokesperson said.
"Cybersecurity is a global issue facing virtually every industry today, and a lot of work continues to been done at GM in this space. Our customers' safety and security is paramount and we are taking a multi-faceted approach to secure in-vehicle and connected vehicle systems, monitor and detect cybersecurity threats, and design vehicle systems that can be updated with enhanced security as these potential threats arise," the spokesperson added.
Check out Kamkar's demo of the device below.
