Skip to main content
  1. Home
  2. Cars
  3. News

OnStar hack can remotely unlock cars and start engines, GM claims to have a fix

By

gm maps for self driving cars onstar
Image used with permission by copyright holder
Following a dramatic demonstration of car hacking involving a Jeep Cherokee, a researcher claims to have found a way to break into General Motors’ OnStar telematics system and take control of certain vehicle functions remotely. GM says it has a fix, though.

Sammy Kamkar built a small device about the size of a router that he calls, a bit cheekily, “OwnStar.” It’s designed to break into the OnStar system and do anything one of its operators can do, including remotely track a car, lock or unlock doors, or start the engine, according to Wired.

Recommended Videos

Kamkar reported the issue to GM before the Wired story was published, and plans to reveal full details of the hack during the DefCon conference next week. The carmaker claims to have already fixed the problem by instituting stronger certificate controls at the servers that control the OnStar RemoteLink remote-access app.

OwnStar relies on this smartphone app, which sends signals to a car’s onboard computers. The device must be positioned somewhere on the car itself, close enough to intercept these signals. It then poses as the car’s actual systems, and harvests the car owner’s credentials. A hacker can use those credentials to mimic the app, and give remote commands to the car.

This was possible because the OnStar app wasn’t originally programmed to check for fake encryption certificates, something GM claims to have corrected in its recent update. Unlike with the Chrysler vulnerability exposed by researchers Chris Valasek and Charlie Miller, this was done through the OnStar system’s servers, so owners won’t have to take any action.

However, Kamkar isn’t convinced that the problem has been fixed. Yesterday, he tweeted that the issue is “not actually resolved yet.” He said he had spoken to GM, and was told the company was working on a final fix.

Earlier this week, GM announced that it had surpassed 1 billion OnStar customer interactions, including those using the app, phone calls, and in-vehicle interfaces. It says about 8.8 million of those interactions were done through the app, and claims to have over 7 million OnStar subscribers right now.

Editors' Recommendations

Topics
Stephen Edelstein
Stephen Edelstein
Contributing Editor
Stephen is a freelance automotive journalist covering all things cars. He likes anything with four wheels, from classic cars…
Mercedes-Benz G580 first drive: old-school off-roader goes electric
2025 Mercedes-Benz G580 from three quarter view.

American car buyers mostly know Mercedes-Benz as a luxury brand. But for decades, the automaker has also produced the tough, rugged G-Class (also known as the Geländewagen or G-Wagen), an SUV not afraid to get its leather upholstery muddy. And now, this iconic Mercedes is going electric.

The 2025 Mercedes-Benz G580 with EQ Technology — the final name of the SUV previously known as the EQG — isn’t the first electric off-roader. The Rivian R1S and R1T and GMC Hummer EV have proven that electric powertrains and off-roading are a great combination. But the electric G-Wagen is different because it’s based on an internal-combustion model — and a very traditional one at that.

Read more
Honda believes hydrogen semi trucks will make the case for fuel cells
Honda hydrogen fuel-cell semi truck.

Honda remains committed to hydrogen fuel-cell vehicles, but the market for those vehicles remains limited. So Honda is looking at other uses for fuel cells -- including commercial trucks.

To show how that could work, Honda converted a semi truck to fuel-cell power, replacing its diesel engine with three fuel-cell modules. Together, the three modules produce a combined 321 horsepower, and can propel the truck to a top speed of 70 mph. There's enough onboard hydrogen storage capacity for a 400-mile range with a full load, Honda claims.

Read more
Mercedes-Benz G580 vs Rivian R2: Is the much cheaper Rivian actually better?
2025 Mercedes-Benz G580 from three quarter view.

Mercedes-Benz has finally taken the wraps off of the new "Mercedes-Benz G580 with EQ Technology." Yeah, it's a mouthful, but it's basically a new electric G-Wagon. It looks a lot like the G-Wagon you know and love, but with an electric powertrain and a battery. It's not the only electric SUV out there, however, and there are some great ones -- like the Rivian R2.

Both the Mercedes G580 and the Rivian R2 have a lot going for them, but they also approach the electric SUV slightly differently. Is one better than the other? I put the two head-to-head to find out.
Design
The approach that the two vehicles take to design is quite different -- and you might like one better than the other.

Read more