Friday, 31 July 2015

Hacker Makes Tool To Unlock GM Cars Remotely

The well-known hacker Samy Kamkar has a tool designed to cars from manufacturer General Motors (GM) are located remotely open and start. GM offers car owners a service called OnStar with which the car can be found via a smartphone app, opened and started.

Kamkar developed for 100 dollars a small device, the OwnStar that a car or truck should be placed and the communication of the smartphone to the app to intercept. The problem with the app is that SSL be used to exchange encrypted data, but the certificate does not correctly check to ensure that there is communication with the real OnStar servers.

The Ownstar consists of a Raspberry Pi and three radios and can occur as a friendly network. Once the user's GM Remote Link app launch and the smartphone within range of the device is a man-in-the-middle attack is carried out in order to steal the user's credentials. Then these data are from a 2G GSM connection is sent to the attacker. With the login information, an attacker then follow the car, open the doors, start the engine or to sound the horn or alarm.

Starting on distance is not possible, this is still requires a human operator. GM is now working on an update to address the problem, as a spokesperson of the automaker opposite Wired know. During the upcoming Def Con conference in Las Vegas will Kamkar provide more information about his attack. The following video shows already see a short demonstration.

No comments:

Post a Comment