In a video posted on Thursday night, “White-hat” hacker Samy Kamkar has warned that the OnStar RemoteLink mobile app for General Motors’ (GM) OnStar vehicle communications system is potentially at risk of being hacked.
According to the details shared by Kamkar, a security vulnerability in the OnStar RemoteLink mobile app for GM’s OnStar system can be exploited by hackers to unlock cars and start their engines remotely.
Reporting the security flaw in the OnStar RemoteLink mobile app, Kamkar said that he had found a way to intercept communications between the OnStar RemoteLink mobile app and GM’s OnStar service, and gain the ability to “locate, unlock and remote-start” vehicles.
To hack the OnStar RemoteLink mobile app, Kamkar has developed a small box which has been made from three radios and a Raspberry Pi mini-computer. When the box is within Wi-Fi range, Kamkar can snoop in on the communications of a GM car owner with his GM OnStar, as well as hack into the computer system and carry out several other activities except for actually driving away with the car.
Kamkar said that he will disclose the technical details about the possible hacking risk faced by the OnStar RemoteLink mobile app when he demonstrates the hack at the Def Con conference which is scheduled to be held in Las Vegas next week.