Hacker shows he can locate, unlock and remote start GM vehicles

Welcome to our Community
Wanting to join the rest of our members? Feel free to Sign Up today.
Sign up


first 100 master race
First 100
Jan 15, 2015
A security researcher has posted a video on YouTube demonstrating how a device he made can intercept wireless communications to locate, unlock and remotely start GM vehicles that use the OnStar RemoteLink mobile app.

Samy Kamkar, who refers to himself as a hacker and whistleblower, posted the video today showing him using a device he calls OwnStar. The device, he said, intercepts communications between GM's OnStar RemoteLink mobile app and the OnStar cloud service.

Samy Kamkar
Hacker Samy Kamkar shows how after hacking the OnStar mobile app, he's able to use it to control a Chevy Volt.

The hack comes on the heels of another vehicle-related security breach that proved Fiats and Chryslers with early model versions of the UConnect Infotainment system could be broken into electronically, and the UConnect system used to control vital vehicle functions. Those hackers were able to control vehicle acceleration, braking and ignition systems, among others.

After the hack was made public, Fiat Chrysler Automobiles (FCA) issued a recall notice for 1.4 million vehicles in order fix a software hole that allowed hackers to wirelessly break into some vehicles and electronically control vital functions.

also plans to look into the matterand two U.S. senators also called for an investigation into Chrysler's handling of the recall, which they said came nine months after the company knew about the security flaw.

OnStar is GM's subscription-based, in-vehicle service that provides vehicle security, hands free calling, turn-by-turn navigation and remote diagnostics.

RemoteLink, for its part, is GM's OnStar mobile app that allows users to unlock and remote-start their vehicles from almost anywhere. The app also can turn on headlights, sound the horn and manage an equipped vehicle's Wi-Fi hotspot.

Kamkar said that after a user opens the OnStar Remote Link app on his or her mobile phone "near the OwnStar device," OwnStar intercepts the communication and sends "specially crafted" data packets to the mobile device to acquire additional credentials. The OwnStar device then notifies the attacker about the new vehicle that the hacker has access to for an indefinite period of time, including its location, make and model. And at that point, the hacker can use the Remote Link app to control the vehicle.

Def Con hacking conference as well as on his YouTube channel andwebsite.

The OnStar RemoteLink app works with Apple iOS, Android, BlackBerry and Windows mobile devices and has been downloaded by more than 3 million people, according to OnStar's website.