Your remote car key doesn’t have just a single secret code to your car; instead it uses something that is called a “rolling code.” Whenever you press the button of your remote car key, a randomly generated code is sent to your car over a radio frequency which has a code generator that identifies and burns it so it cannot be used again. Your car and the key then generate new codes for future use and the whole process is repeated. It is a verified security system that has protected millions of cars and remote garage doors for so many years but now, this system is of no use.
Recently, white-hat hacker Samy Kamkar cracked the OnStar smartphone security app, owned by General Motors, through a device he has built known as OwnStar. He demonstrated his ability to illegally unlock and start a car over a cellular network.
Samy Kankar is a cyber security expert and loves automation and the Internet of Things. He says, “I love the new technology that car companies are introducing, but I worry whether the manufacturers are actually paying attention to the security of these connected vehicles.”
Today, cars are being sold based on the working of their WiFi. Now, the four-wheel vehicle is equipped with Bluetooth, OnStar, Hotspot and what not. All of these functions help people to stay in touch while driving.
Earlier, a car thief had to have access to the diagnostics port of the car and needed to be inside of the car to steal it. But now, with this new device, a thief can control the car as soon as the user turns on their Wi-Fi.
Kamkar says that this is not a red herring. In creating OwnStar, he simply used a Raspberry Pi and three radios to intercept the communication between the user’s mobile device and the OnStar servers. This in turn created a loophole which helped in accessing private, encrypted information such as the user’s email addresses. He says, “OwnStar potentially gives me anyone’s critical authorization details. I could even go to a crowded area, plant the device, and when someone within wireless distance opens their OnStar app, I have access and can track their car.”
When Kamkar notified General Motors about the security fault, he said that although the manufacturer responded quickly, he didn’t solve all the issues at once. He said, “This is likely a much greater problem. Car thieves are already becoming more advanced, and Charlie Miller’s attack, which modified how a car drove, could put people in real danger.”