The well-known hacker Samy Kamkar recently presented a tool with which he could remotely open and start cars from General Motors. He has now extended the device, so that cars from BMW, Mercedes-Benz and Chrysler are no longer safe either. Kamkar announced this via Twitter.
Like General Motors, other manufacturers offer a smartphone app to locate, open and start the car. The apps concerned are BMW Remote, Mercedes-Benz mbrace and Chrysler Uconnect. For 100 dollars Kamkar developed a small device, the OwnStar, that has to be placed on a car or truck and intercepts the communication of the smartphone app.
The OwnStar consists of a Raspberry Pi and three radios and can present itself as a friendly network. Once the user starts the app and the phone is within range of the device, a man-in-the-middle attack is carried out to steal the user's credentials. This data is then sent to the attacker over a 2G GSM connection. With the login information, an attacker can then track the car, open the doors, start the engine, or sound the horn or alarm.
The problem is that the apps do use SSL to exchange data in encrypted form, but do not check the certificate properly to ensure that they are actually communicating with the real servers of the mobile service. General Motors has fixed the problem, but Kamkar discovered that the same problem affects BMW, Mercedes-Benz and Chrysler. According to the hacker, the cars are therefore easy to break into. The manufacturers are now working on an update, but it is not yet available. Kamkar advises car owners not to use the corresponding apps for the time being.
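The certificate check described above, shown as an added example that is not code from Kamkar or any of the apps: a TLS client configuration that encrypts but accepts any certificate, next to one that validates the chain and hostname and also enforces a certificate pin. The certificate bytes and pin set are constructed placeholders, and the function names are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed placeholder bytes standing in for DER-encoded certificates.
GENUINE_CERT_DER = b"constructed-der-bytes-of-the-real-service-certificate"
INTERCEPTOR_CERT_DER = b"constructed-der-bytes-of-an-interception-certificate"

# Hypothetical pin set shipped with the app: SHA-256 of the DER certificate.
PINNED_SHA256 = {hashlib.sha256(GENUINE_CERT_DER).hexdigest()}


def weak_context() -> ssl.SSLContext:
    """Encrypts traffic but accepts any certificate: the flaw described above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # no proof of who is on the other end
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Requires a chain to a trusted CA and a certificate matching the hostname."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def pin_matches(cert_der: bytes, pins=PINNED_SHA256) -> bool:
    """Constant-time comparison of the presented certificate against the pins."""
    digest = hashlib.sha256(cert_der).hexdigest()
    return any(hmac.compare_digest(digest, pin) for pin in pins)


def connect_pinned(host: str, port: int = 443) -> ssl.SSLSocket:
    """Verified TLS connection with the pin checked before credentials are sent."""
    sock = socket.create_connection((host, port), timeout=10)
    try:
        tls = hardened_context().wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()  # handshake or validation failed: send nothing
        raise
    if not pin_matches(tls.getpeercert(binary_form=True)):
        tls.close()
        raise ssl.SSLError("server certificate does not match pinned fingerprint")
    return tls
```

With the hardened context the handshake fails against a network that cannot present a certificate valid for the service's hostname, so the login request is never transmitted.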