Real World Attack-GM Onstar
Broadly speaking, the messages are sent to the vehicle and can be sniffed (Evenchick, 2013) with various tools. This process is not exceptionally complicated and requires a bit of sophistication. The vendor for this specific attack was OnStar (Cluley, 2015), who provides services to General Motors (GM) vehicles. OnStar uses the AT&T cell network to connect with the GM vehicles. OnStar’s Remote Link mobile app function allows the user to remotely connect to the car from a smartphone, much like other vehicle manufacturer’s connectivity. The attack had been named Ownstar, which was created by Sam Kamkar so he could hack his 2013 Chevrolet Volt (Perkins, 2015). The cost of the equipment was not significant to the point to be prohibitive to construct it. The equipment expense was estimated at $100 to create (Paganini, 2015; Cluley, 2015). At this price point, nearly all relevant parties would be able to construct this with ease.
The attack used a simple main-in-the-middle (MitM) attack. As the vehicle was contacted, this would send the return message(s). These messages between the user and vehicle were intercepted. This showed the vehicle’s location and model. Once the attacker has this, the vehicle can be located, unlocked, and the Remote Link function could be used to start the vehicle. This issue may appear to be not significant, however this is a breach of the security. This attack also was limited in scope and there could have been other abuses of the app that would have been able to further disable the vehicle. With more time placed on the project, there may have been further vulnerabilities found.
The issue was with the smartphone app and not with the physical vehicle. This was the weak link that was easily exploitable. The vulnerability was fixed with an update for the app (Finkle & Woodall, 2015). The first patch did not catch all of the issues and a second patch had to be downloaded (Stevens, 2015).
Learn more ways to protect your business at The National Cybersecurity Institute.
Cluley, G. (2015, July 30). How to hack, track and unlock a GM car via On Star. Retrieved from https://www.grahamcluley.com/2015/07/hack-track-unlock-car-onstar/
Cluley, G. (2015, September 11). Millions of General Motors’ cars were vulnerable to hackers for almost five years. Retrieved from http://www.notforsecurity.com/blog/millions-of-general-motors-cars-wree-vulnerable-to-hackers-for-almost-five-years-12649.html?utm_source=cluley&utm_campaign=c77584ad4b-Graham_Cluley&utm_medium…
Evenchick, E. (2013, October 22). CAN hacking: The in-vehicle network. Retrieved from http://hackaday.com/2013/10/22/can-hacking-the-in-vehicle-network/
Finkle, J. & Woodall, B. (2015, July 30). Researcher says can hack GM’s OnStar app, open vehicle, start engine. Retrieved from http://www.reuters.com/article/us-gm-hacking-idUSKCN0Q42FI20150730
Paganini, P. (2015, July 31). Hack your general motors car with $100 ownstar. Retrieved from http://securityaffairs.co/wordpress/38999/hacking/hack-gm-cars-ownstar.html
Perkins, C. (2015, July 31). Hacker discovers a major vulnerability in GM cars, hijacks vehicle functions. Retrieved from http://mashable.com/2015/07/31/gm-onstar-hack-#TXV0RdSrScqr
Stevens, T. (2015, July 30). GM issues fix for On Star hack. Retrieved from http://www.cnet.com/roadshow/news/ownstar-onstar-hack/
Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.
Mr. Parker has matriculated and attained the MBA, MSA, JD, LLM, and is in the final stage of the PhD in Information Assurance and Security (ABD) from Capella University. Mr. Parker’s areas of interest include cryptography, AV, and SCADA.