Do you remember the "OwnStar" hack? A security researcher revealed how almost any GM car with the OnStar system could be remotely hijacked. It's not just GM anymore. Now BMW, Chrysler, Mercedes-Benz and another system are affected.
Samy Kamkar, the OwnStar hacker, says the same attack can be pulled off on the iOS apps of BMW's Remote, Mercedes-Benz's mbrace, Chrysler's Uconnect, and the Viper Smartstart alarm system. Kamkar told Wired, “If you’re using any of these four apps, I can automatically get all of your login information and then indefinitely authenticate as you. These apps give me different levels of control of your car. But they all give me some amount of control.”
All four of the iOS apps can let a hacker unlock your car. And all of them except Viper can remote start your car (though the key would probably need to be in the car to drive it off). And the BMW, Mercedes-Benz and Viper apps can locate and track the car as well, according to Wired.
Kamkar's $100 device, which impersonates a familiar Wi-Fi network to take over the system, hasn't been tested on actual vehicles. And he's not releasing the code for the new attack. He wants to give the companies an opportunity to fix their security problems like GM did previously did with OnStar. There's just one problem.