A device that takes control of cars and thought to only affect General Motors cars has evolved to include BMW, Mercedes and Chrysler motor vehicles. A Los Angeles based security analyst has come up with an improved version of the OwnStar device that can now wirelessly hack into any of these vehicles and remotely start them.
Samy Kamkar stirred the auto industry when he revealed that an upgraded OwnStar device he created can hack into the operations of GM, BMW, Mercedes and Chrysler vehicles. Speaking at the DefCon Security conference in Las Vegas this week, Kamkar attributed the hack to mobile software communications channels that exposed the car user’s details and could be intercepted by OwnStar.
Kamkar revealed that the OwnStar device, originally developed for GM’s RemoteLink OnStar communications, can detect mobile-car signals and inject packets of data that enable the hacker to receive the communication streams and even access user credentials. It is those user credentials that are used to access the car user’s OnStar account, and with that, the car’s full functionality.
Today, OwnStar has moved beyond GM and has adapted the tools for hacking other car applications including BMW’s Remote, Chrysler’s Uconnect and Mercedes Benz’s mbrace.
According to Kamkar, all the device needs to execute an attack is to be stationed in a portable case next to a target vehicle. From there, it can capture the credentials from exposed communication streams, remotely unlock, lock down and even start a vehicle, completely overriding owner controls.
Early in August, Fiat Chrysler recalled 1.4 million vehicles over security fears after random hackers demonstrated they could hack into the car and completely take control of the vehicle’s functions including starting, air conditioning, seat belts, accelerating, decelerating and even braking.
Kamkar said he was in talks with BMW, Mercedes and Chrysler to improve on the cars’ security.
Vehicle owner security was thrown in the limelight when Fiat Chrysler recalled over a million vehicles due to security concerns. Electric carmaker Tesla Motors also recently found itself the victim of vehicle hacking attacks and promptly poached Google’s head of security to secure its almost fully-wired cars.
The new OwnStar device shows that likely many more vehicles can be hacked into. Automakers are now faced with placing increased attention on guaranteeing end user safety for the millions of ordinary citizens on the road using wired cars.