
Patch Your OnStar iOS App to Avoid Getting Your Car Hacked


By Andy Greenberg, Wired, Aug 1, 2015 – ONE CAR HACK down, an entire industry of potentially vulnerable vehicles to go.

On Friday afternoon, GM OnStar announced a software update to its RemoteLink app for iPhone to patch a security vulnerability that could have been used from across the internet to track GM vehicles, unlock their doors, start their ignitions, and even access the car owner’s email and address. Responding to WIRED’s story Thursday about the vulnerability revealed by security researcher Samy Kamkar, GM had said it fixed the flaw through a change to its server software. But after Kamkar pointed out that the attack wasn’t blocked in his subsequent tests, the company has now also created a patch for its iOS app and says iPhone and iPad users should follow up by updating their RemoteLink app to fully protect their vehicles.

“Based on our initial conversations with Samy, we made changes that did not require user interaction. In our continued testing and conversations with him yesterday, we confirmed that [fix sufficed] for Android, Windows and Blackberry users but not for Apple iOS users,” wrote GM spokesperson Renee Rashid-Merem in a statement to WIRED. “GM takes matters that affect our customers’ safety and security very seriously… An update is now available via Apple’s App Store. Impacted customers will receive a communication from OnStar today and the previous version of the app will be decommissioned following that communication to ensure customer security.”

Kamkar had proven the existence of that OnStar vulnerability with a proof-of-concept device he plans to detail at the hacker conference DefCon next week. The book-sized gadget he developed, which he calls “OwnStar” in a reference to the hacker term to “own” or gain control of a target computer, is designed to be hidden under the chassis or bumper of a GM vehicle the attacker is targeting. When the car’s owner used the OnStar RemoteLink app within Wi-Fi range of the car, OwnStar exploited an authentication flaw in the app to intercept the user’s credentials and send them wirelessly to the hacker. And with those credentials in hand, a hacker could do anything to the vehicle that the RemoteLink app allows, including tracking it, unlocking doors, honking the horn, starting the ignition and accessing all the personal information in the user’s OnStar account. “If I can intercept that communication, I can take full control and behave as the user indefinitely,” Kamkar told WIRED earlier this week.

Continue reading: http://www.wired.com/2015/07/patch-gm-onstar-ios-app-avoid-wireless-car-hack/
