A vulnerability that allows a car to be unlocked and its engine started by hijacking smartphone communications has been discovered; GM says it has already dealt with it



Chrysler has announced that it will recall 1.4 million vehicles because a vulnerability in "Uconnect", the in-vehicle Internet connection system installed in its automobiles, could allow vehicles to be taken over. A hacker's investigation has now made it clear that vehicles from General Motors (GM) equipped with a similar system also have a vulnerability: control can be taken over by intercepting the smartphone's communication.

OwnStar - hacking cars with OnStar to locate, unlock and remote start vehicles - YouTube


This vulnerability was pointed out by Samy Kamkar, a hacker who conducts security-related investigations. With a black box device in hand, he shows how control of a GM car equipped with the in-vehicle information system "OnStar" can actually be hijacked.


The black box Mr. Kamkar is holding is "OwnStar", which houses devices such as antennas and an Arduino that intercept smartphone communications. Mr. Kamkar built OwnStar himself, and he says one can be made for about 100 dollars (about 12,000 yen).


The on-board system "OnStar" is a system in which a smartphone application, servers, and the computer installed in the vehicle operate in cooperation, making it possible to lock the doors, check the state and position of the vehicle, start the engine, and so on. Kamkar's "OwnStar", on the other hand, is a tool that intercepts and analyzes the radio waves emitted by the application during communication, making it possible not only to take control of the vehicle but also to obtain personal information such as the user's name and credit card information.


As shown on the screen, it can perform operations such as unlocking and locking the doors, starting the engine, and sounding the horn.


OwnStar operates as a simple Wi-Fi spot using its built-in Wi-Fi antenna, and extracts the communication contents once the smartphone connects to it.


The video also briefly includes a scene in which the vehicle is actually being manipulated. The door lock opens with a clunk ...


The door could then be opened as usual.


Furthermore, tapping "Remote Start" on the screen starts the engine. After that, if someone actually gets in and drives off, the car is simply gone.


In practice, exploiting this mechanism presupposes having the vehicle's key itself in addition to the smartphone and OwnStar, so it does not mean that anyone can steal a car just by having OwnStar at hand. However, the fact that security which should inherently be in place can be broken relatively easily detrimentally affects the stability of the system, and it can be considered a serious problem.

Kamkar has not disclosed the details of this problem, but he plans to give a presentation at "DEF CON 23", the hackers' festival to be held from August 6, 2015.

DEF CON® 23 Hacking Conference


In addition, Kamkar has already informed GM of this problem, and GM, having been contacted, said that the server was updated on the same day. Because the cause of the vulnerability was on the server side, it is said that there is no need to recall vehicles or update their software.

Regarding his reasons for announcing the issue, Kamkar said, "I certainly play Grand Theft Auto well, but my motivation here is not a desire to steal cars. The purpose is to point out deficiencies in security and to inform you that you should pay more attention when using devices that are 'smart manageable'."

Everything can be done from devices such as smartphones, and a society in which all devices are connected by the "Internet of Things (IoT)" is certainly expected to have many merits, but on the other hand it can also be said that problems like this cannot be avoided. In the comment introducing his DEF CON presentation, Mr. Kamkar evokes the car race "Indy 500" and writes "Ladies and Gentlemen, Start your engines! And other people's engines", a phrase that seems to show the severity of the problem lying underneath.

in Mobile,   Software,   Hardware,   Ride,   Video, Posted by darkhorse_log