SECURITY: OwnStar Hacks Into GM’s OnStar Remote Access


Yesterday, the day after GM celebrated its OnStar telematics system reaching one billion interactions, a security researcher posted a video showing how to hack into it.

This unwelcome bit of news comes when we’re a bit jumpy about car tech security, after last week’s demonstration of a hack that allowed a Jeep Cherokee to be commandeered via remote access. Parent company FCA quickly issued a recall to fix the problem.

BMW faced a similar issue earlier this year, when the German Automobile Association (ADAC) found that BMW’s Connected Drive remote access could be breached. BMW sent out an over-the-air patch.

Now it’s OnStar that has landed in the remote-access crosshairs, and while GM is working on it, Los Angeles-based security researcher Samy Kamkar has tweeted that it’s still not fixed.

Kamkar hits security from a few different angles. His videos range from hacking remote garage doors with a kid’s texting toy, to opening combination locks with a 3D-printed code cracker.

Kamkar dubbed his OnStar hacking device OwnStar, and he notes that it cost less than $100 in materials.


Here’s how it works: OwnStar’s antennas sniff out a nearby user of OnStar’s RemoteLink phone app. Kamkar explains:

“OwnStar intercepts the communication, sends specially-crafted packets to the mobile device to acquire additional credentials, and then notifies me, the attacker, about the new vehicle that I indefinitely have access to.”

Then, Kamkar demonstrates using that hacked access on a Chevy Volt to unlock the doors and start the engine.


Kamkar explains that the issue is not with the car; rather, it’s the software in the remote app that is allowing the breach.

As GM continues to work on a fix, the stats it released trumpeting OnStar’s billion-interaction mark spell out the risks. Since starting in 1996, OnStar has fielded 156 million RemoteLink mobile app requests. That number will continue to head skyward as smartphones become as common as corn flakes.


GM also noted that there are 1.5 million active RemoteLink users. Since the attacker gains access when the user operates the app, Kamkar recommends laying off it until GM’s fix sticks.

For his part, Kamkar seems to genuinely care for the safety of those app users – his frustration with garage-door manufacturers for producing such easily hackable codes is palpable – and so we should be grateful that one of the good guys has stepped into GM’s security breach before the bad guys got there.

Here’s Kamkar’s OwnStar YouTube video.
