Security researcher Samy Kamkar was able to create a device called OwnStar, which allowed him to hack into the OnStar RemoteLink app for General Motors, and any car with OnStar. OnStar is GM’s vehicle security and communications service that allows drivers to access features like emergency services, navigation, and vehicle diagnostics. The OnStar app, according to Google’s Play store, has been downloaded onto a million Android devices. The white hat hacker only had to spend $100 on three radios and a Raspberry Pi computer, which he used to create the OwnStar device.
The RemoteLink app lets drivers turn their lights on and off, lock doors, check their car’s fuel and oil levels, and more. For hackers to use OwnStar, the car’s driver has to come within WiFi range of the device. The device then intercepts the communications sent from the GM vehicle owner’s smartphone. The OwnStar device could impersonate a friendly network, or use a default name to appear as a common WiFi network from a neighboring business. Kamkar was able to figure out how to use GM’s OnStar RemoteLink system to track a vehicle, unlock the doors, start the engine, and honk the horn. Kamkar, however, couldn’t drive the car away because the cars still need a driver’s key to change gears and move.
Kamkar was able to send commands to GM cars through the OnStar Remote Link App and said that he could behave as the car’s owner indefinitely. The OnStar app uses SSL encryption, but it doesn’t check to see if users are connecting only with the OnStar server. This leaves users vulnerable to man-in-the-middle attacks, and they likely won’t even know that their app has been compromised.
Smart cars aren’t the only cars that are vulnerable to being hacked. Kamkar also figured out how to grab a signature code from a wireless key with only a $32 radio device. The device, called RollJam, can also intercept codes from garage doors and open and close them.
The wireless keys on car doors and garages use “rolling codes,” which is when the device’s code changes with each use. This is to prevent thieves from picking up codes and using them at a later time. RollJam, however, performs a man-in-the-middle attack by jamming the signal coming from key fobs and garage door openers, and then it stores the code. To the owner of the car, it just looks like the code didn’t work. Then the owner tries the key again, but RollJam already has one code that it can use at a later time. According to Kamkar, almost any car with a wireless key fob is vulnerable to attacks from RollJam – including Ford, Nissan, Chrysler, Cadillac, Toyota, and Volkswagen vehicles.
The vulnerabilities in OnStar’s app, and in the wireless devices that unlock cars and garage doors demonstrate the greater need for IoT security. The news of these security risks come just after two researchers were able to hack into a Jeep Cherokee while it was going down the highway at 70 mph. Household devices like cars are increasingly becoming a part of the IoT sphere, but auto manufacturers have trouble keeping up with the cyber security requirements needed to stop hackers. Businesses can secure their IoT devices with Promisec Endpoint Manager (PEM) which offers the most advanced remediation framework in the industry, and provides cyber threat detection and malware protection. PEM has nearly endless flexibility for addressing gaps in endpoint security and operations health. PEM offers the endpoint protection needed to help businesses keep all of their network devices, including IoT devices, safe from vulnerabilities. PEM’s reports deliver detailed and easy to read information that helps CIOs address security and IT operations gaps.