It’s becoming clearer that most any car is hackable. Reports before,
during, and after DefCon showed that. Here’s the most recent hack news:
The ubiquitous Samy Kamkar showed how his OwnStar device was adapted to
get into cars via the automakers’ remote iOS apps. He targeted BMW Remote,
Mercedes-Benz mbrace, and Chrysler Uconnect services, all on Apple iOS.
The flaw, according to Kamkar, is the automakers’ almost
childlike faith that the certificate on the remote server is valid,
disregarding what kind of network provides the connection and whether
it’s a legitimate remote server or one that just says it is.
How it works
OwnStar
is a small Raspberry Pi PC with wireless connections in a portable
carry case. The hacker puts it near the vulnerable car. When the owner
issues a remote unlock or other command, such as remote start, from an
iPhone or other iOS device, OwnStar gloms onto the exchange and grabs
the logon credentials. OwnStar then mimics the owner’s remote device to
access the car and has access to all the remote functions.
OwnStar uses the phone’s preference for WiFi networks to its
advantage. On the AT&T mobile network, if an iOS device sees the
SSID “attwifi” being broadcast by OwnStar, it attempts to pair with the
OwnStar device, which happily complies as a passthrough, all the while
capturing and remembering the data stream. The hacker could get into the
car and start or shut down the engine, but not actually drive away.
Should be patchable
Kamkar says he’s alerted the current crop of vulnerable
automakers (BMW, Mercedes, Chrysler) of the need to patch their
wireless systems. For now, in case there are hackers in the mall
parking lot, don’t use wireless access. No problem using your remote key
fob; that’s safe. Probably.
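
The flaw described above is a client that trusts whatever certificate the server presents. This added example (not code from Kamkar or any automaker) contrasts a TLS client context that accepts any certificate with one that verifies chain and hostname and also pins the server certificate's SHA-256 fingerprint; the host name, sample certificate bytes and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed placeholder values, not taken from any automaker's service.
API_HOST = "telematics.example.com"
SAMPLE_CERT_DER = b"constructed-sample-certificate-bytes"
PINNED_SHA256 = frozenset({hashlib.sha256(SAMPLE_CERT_DER).hexdigest()})


def weak_context():
    """The failure mode: any certificate from any server is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def strict_context():
    """Chain and hostname verification on, TLS 1.2 or newer."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def pin_matches(cert_der, pins=PINNED_SHA256):
    """Constant-time comparison of the certificate fingerprint to the pins."""
    digest = hashlib.sha256(cert_der).hexdigest()
    return any(hmac.compare_digest(digest, pin) for pin in pins)


def open_pinned(host=API_HOST, port=443, pins=PINNED_SHA256):
    """Return a verified, pinned socket; credentials are sent only after this."""
    raw = socket.create_connection((host, port), timeout=10)
    # wrap_socket raises ssl.SSLCertVerificationError on a bad chain or name,
    # which is what a rogue access point's own certificate would trigger.
    tls = strict_context().wrap_socket(raw, server_hostname=host)
    if not pin_matches(tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise ssl.SSLError("server certificate does not match a pinned value")
    return tls
```

With the strict context, joining a look-alike “attwifi” network still routes traffic through the passthrough, but the handshake fails before any logon credentials leave the phone.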
Who hasn’t been hacked yet?
At the start of August, Kamkar showed how GM cars with OnStar
— virtually every GM vehicle — were vulnerable. Before that, it was
Chrysler again. GM was able to issue a patch to its OnStar RemoteLink in
a day, and disabled the vulnerable older versions until the user
updated.
In reader comments on many of the stories floating
about this month, people who say they’ve been engineers or QA testers
report that they often did their work in labs or shops with mock dashboards
rather than out on the highway. In the lab, it was assumed there were no
vulnerabilities (true for the lab), and they felt comfortable using
commonplace passwords such as “testpass” and/or accepting any logon
attempt that seemed valid. If a WiFi device SSID read “attwifi,” it was
treated as valid. They let their guard down and didn’t protect against the
dangers to the cars in real-life situations. And until Kamkar came along, the
minimal defenses were enough. Not any more.