Pierluigi Paganini August 17, 2015

While the Ownstar attack has been fixed by GM, the same flaw affects also BMW Remote, Mercedes-Benz mbrace, and Chrysler Uconnect apps.

Recently I wrote about the OwnStar attack presented by the popular hacker Samy Kamkar, a new gadget designed by the expert that could be exploited to hack GM Cars. The tool developed by Kamkar allows to locate the vehicles, Unlock, and Start Them.

News of the day is that the OwnStar attack works also with cars manufactured by other automakers, including BMW, Chrysler and Mercedes-Benz.

Basically, Kamkar has built a gadget, based on a Raspberry Pi, to intercept the traffic from nearby mobile devices running a specific app that could control some features of the vehicles. Kamkar demonstrated it was working against the GM OnStar RemoteLink app, in response, GM promptly issued a fix.

“After a user opens the RemoteLink mobile app on their phone near my OwnStar device, OwnStar intercepts the communications and sends specially crafted packets to the mobile device to acquire additional credentials then notifies me, the attacker, about the vehicle that I indefinitely have access to, including its location, make, and model,” Kamkar explained in a video PoC of the Ownstar attack.

Kamkar discovered OwnStar attack BMW Remote, Mercedes-Benz mbrace, and Chrysler Uconnect apps all are vulnerable to the attack.

I’ve updated OwnStar to also unlock cars from and attack BMW Remote, Mercedes-Benz mbrace, and Chrysler Uconnect. https://t.co/qRsjtLnRlM

— Samy Kamkar (@samykamkar) 13 Agosto 2015

The expert noticed that the mobile apps used by the automakers fail to validate SSL certificates.

Kamkar won’t be releasing the updated code for the OwnStar attack for at least 30 days to give time the automakers fix the security issue.

At this point let’s hope other automakers will carefully analyze their systems searching for similar flaws.

Pierluigi Paganini

(Security Affairs – Kamkar, OwnStar attack)