Smart, connected cars are increasing at a rapid pace. Be it BMW or Mercedes, everyone focuses on creating cars that could easily connect with a driver’s smartphone and other devices.
When these vehicles stay connected 24/7 and are readily accessible to the owner, it is obvious that it could also be accessed by a hacker if someone manages to hack into the system. OwnStar hack, a program designed by Samy Kamkar earlier displayed how it could be used to hack into OnStar computer on a GM’s vehicle.
The hacker, using his self-developed tool, demonstrated how he could gain access into a car’s infotainment system and remotely confirmed it. While most manufacturers opined that it is not possible with every system in the world, Kamkar proved one more time that he could gain access into the computers used by world’s top brands.
The newly hacked list of vehicles includes BMW, Mercedes Benz and Chrysler. The homemade OwnStar box is just $100 which can be used to intercept the communications of a smart car and send commands if the hacker decides to. Using his box, Kamkar hacked into Remote used by BMW, mbrace by Mercedes and Uconnect by Chrysler.
Earlier, he did the same with GM’s vehicle. Once access is granted, the person could remotely control all the features in the car, including its locking system, brakes and engine and maybe stop the car when it is travelling at a high speed. The only thing that a hacker can’t do is that they can’t drive the car remotely.
Kamkar confirmed that he managed to hack into all these systems by exploiting a vulnerability found on the infotainment system as well as the iOS app that is used to communicate with it. He added that the same vulnerability has been spotted in all the car apps which allowed him to hack them all at once, with minimal effort.
Even though, it’s bad news for car manufacturers, they didn’t budge at all. Instead, GM immediately released a patch for their RemoteLink mobile app, while Mercedes Benz and BMW confirmed that they use a security system that is same as the ones used by banking apps.
They added that it is virtually impossible to hack it as suggested by Kamkar, while Chrysler blamed him for exposing an exploit that could lead to criminals making use of it before a patch is released. Buyers should be aware of such hurdles when opting for a smart car.