OwnStar is a device that can locate, unlock and remote start any vehicle with OnStar RemoteLink after intercepting communication between the RemoteLink mobile app and OnStar servers.
When director Sam Esmail was casting for his latest cyberpunk–thriller TV series Mr. Robot, we’re surprised serial hacker Samy Kamkar wasn’t in the running for the star role. That’s because, in just the last year alone, the 29-year-old has devised a plug-in box capable of tracking everything you type, a 3D-printed robot that can crack combination locks, and his own radio device for online anonymity. Added to that growing list is a tablet-sized unit can easily tap into and wirelessly take control of a GM car’s futuristic features.
Undoubtedly, car hacking will be a hot topic at this year’s Black Hat and DEFCON events. Cognizant of this, the Los Angeles-based entrepreneur has created what he’s calling OwnStar, a device that can locate, unlock and remotely start any vehicle with OnStar RemoteLink after intercepting communication between the RemoteLink mobile app and OnStar servers.
As you can see in the video below, the system is driven by a Raspberry Pi and uses an ATmega328 to interface with an Adafruit FONA for cellular connection. After opening the OnStar RemoteLink app on a smartphone within Wi-Fi range of the hacking gadget, OwnStar works by intercepting the communication. Essentially, it impersonates the wireless network to fool the smartphone into silently connecting. It then sends specially crafted packets to the mobile device to acquire additional credentials and notifies the attacker over 2G about the new vehicle it indefinitely has access to, namely its location, make and model.
First reported by WIRED, Kamkar has revealed that if a hacker can plant a cheap, homemade Wi-Fi hotspot somewhere on an automobile’s body — whether that’s under a bumper or its chassis — to capture commands sent from the user’s smartphone, the results for vulnerable car owners could range from pranks and privacy breaches to actual theft.
With the user’s login credentials, an attacker could do just about anything he or she wants, including tracking a car, unlocking its doors and stealing stuff inside (when carjacking meets car hacking), or starting the ignition from afar. Making matters worse, Kamkar tells WIRED that remote control like this can enable a malicious criminal to drain the car’s gas, fill a garage with carbon monoxide or use its horn to drum up some mayhem on the street. The hacker can also access the user’s name, email, home address, and last four digits of a credit card and expiration date, all of which are accessible through an OnStar account.
It’s evident that Kamkar’s objective here isn’t to help thieves and endanger the lives of drivers; instead, he is hoping to utilize OwnStar to raise awareness around the vulnerabilities of connected cars. Fortunately though, the actual issue lies on the mobile software and not the GM vehicles themselves. The carmaker has already been receptive of this discovery and plans to fix the matter at hand. Until then, the hacker advises owners to refrain from opening the app until an update has been provided by OnStar.
Intrigued? Kamkar says that he will provide more details around this and other hacks at DEFCON, which he will share on his website as well. Until then, you can watch the demonstration that was conducted on a friend’s 2013 Chevy Volt.
NOTE: Kamkar has confirmed that OnStar has indeed resolved the vulnerability and a RemoteLink app update has been released.