Do you remember the "OwnStar" hack? A security researcher revealed how almost any GM car with the OnStar system could be remotely hijacked. It's not just GM anymore. Now BMW, Chrysler, Mercedes-Benz and another system are affected.
Samy Kamkar, the OwnStar hacker, says the same attack can be pulled off on the iOS apps of BMW's Remote, Mercedes-Benz's mbrace, Chrysler's Uconnect, and the Viper Smartstart alarm system. Kamkar told Wired, “If you’re using any of these four apps, I can automatically get all of your login information and then indefinitely authenticate as you. These apps give me different levels of control of your car. But they all give me some amount of control.”
All four of the iOS apps can let a hacker unlock your car. And all of them except Viper can remote start your car (though the key would probably need to be in the car to drive it off). And the BMW, Mercedes-Benz and Viper apps can locate and track the car as well, according to Wired.
Kamkar's $100 device, which impersonates a familiar Wi-Fi network to take over the system, hasn't been tested on actual vehicles. And he's not releasing the code for the new attack. He wants to give the companies an opportunity to fix their security problems like GM did previously did with OnStar. There's just one problem.
According to Wired, although Kamkar let BMW, Mercedes-Benz, Chrysler and Viper know about their iOS apps' security flaw, they haven't taken action to fix the vulnerability. All it takes is an update to the Apple store app.
Hopefully these huge companies are paying attention to their customers, who should rightly be outraged by any hesitation to fix the apps. We expect the companies to prioritize security first.
Here's Samy Kamkar's video of his OwnStar hack.
Check back often to our Happening Now page for the latest hacks, security threats and fixes for all your tech devices.