Researcher Says Can Hack GM's OnStar App, Open Vehicle, Start Engine

Advertisement
By Reuters | Updated: 31 July 2015 09:39 IST
A researcher is advising drivers not to use a mobile app for General Motors Co's OnStar vehicle communications system, saying hackers can exploit a security flaw in the product to unlock cars and start engines remotely.

"White-hat" hacker Samy Kamkar posted a video on Thursday saying he had figured out a way to "locate, unlock and remote-start" vehicles by intercepting communications between the OnStar RemoteLink mobile app and the OnStar service.

Kamkar said he plans to provide technical details on the hack next week in Las Vegas at the Def Con conference, where tens of thousands of hacking aficionados will gather to learn about new cyber-security vulnerabilities.

Advertisement

Kamkar released the video a week after Fiat Chrysler Automobiles recalled some 1.4 million vehicles after hacking experts demonstrated a more serious vulnerability in the Jeep Cherokee. That bug allowed them to gain remote control of a Jeep travelling at 70 miles per hour on a public highway.

GM spokesman Terrence Rhadigan told Reuters via email that the company was preparing an update to the RemoteLink app that would address the vulnerability. "It's days away," Rhadigan said.

Advertisement

When asked via email if it was safe to use the app before an update is released, Rhadigan said: "We believe the chances of replicating this demonstration in the real world are unlikely. In addition, the action involves one user at a time, and would impact only that specific user's account."

The issue drew the attention of US safety regulators from the National Highway Traffic Safety Administration.

Advertisement

Agency representatives discussed the issue with GM officials, who said the flaw could involve doors and engine start-stop but does not involve other critical safety systems, according to a person familiar with those discussions.

The agency responded by making some suggestions, including disabling the app's function until customers perform the update, according to the person.

Advertisement

More than 3 million people have downloaded the OnStar RemoteLink mobile app for Apple iOS and Google Inc devices, according to OnStar's website.

© Thomson Reuters 2015

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Apple's iPhone 18 Pro Models Said to Arrive With Larger Batteries
  2. Nothing Phone (4b) Debuts in India, Limited RCB Edition Tags Along
  3. Nothing Phone (4b) First Impressions
  4. Motorola Confirms the Edge 70 Max Will Launch in India Soon
  5. This iQOO Z11 Series Phone Will Launch in India Soon
  1. Qualcomm Executive Teases Snapdragon Chip for Upcoming Samsung Galaxy Devices
  2. BonkDAO Suffers $20 Million Loss Through Malicious Governance Proposal
  3. iPhone Air 2 Tipped to Feature Bigger Battery, Dual Rear Cameras
  4. Apple and Broadcom Agree to Extend Chip Supply Partnership Till 2031, Regulatory Filing Reveals
  5. Qubo Dashcam Pro 2K With Front, Rear Cameras Launched in India; Company Showcases AI Smart Home Portfolio
  6. Google Is Reportedly Working on an Option to Disable Gemini Live's Guided Vision Feature
  7. Ripple Receives Full MiCA Approval in Luxembourg for Crypto Asset Services in Europe
  8. Nothing Ear (3a) Launched With 45dB ANC, 'Audio Snapshot' and Call Recording Support: Price, Features
  9. Nothing Phone (4b) Launched in India With 6,000mAh Battery, Glyph Bar Interface, Phone (4b) RCB Edition Tags Along
  10. Mysterious Redmi Smartphone Bags IMDA Certification, Hinting at Upcoming Launch
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.