Could smartphone apps give hackers control of your car?
With automakers creating new smartphone apps that will allow motorists to remotely unlock their vehicles and even start them up, security is becoming a serious concern in the era of the hacker. But when General Motors launches its new apps that turn a smartphone into a virtual key to operate its vehicles, the maker claims the program will come with a level of security that would make a banker blush.
Jeff Ravaf, a software developer in engineering at OnStar, said the smartphone apps, which OnStar announced last week, will have six layers of security on the user side, plus additional measures built into the system.
The apps will allow owners of Chevrolet, GMC, Buick and Cadillacs to use their smartphones through OnStar to unlock or lock their cars, remote start them and check such vitals as fuel level and tire pressure. The apps will work anywhere the phone can access the network, not just within a few hundred feet of the car like a traditional keyfob.
The free apps will be available for iPhone and Android (Blackberry will not be supported, at least initially) later this year, but users must be OnStar subscribers to use them.
Once they have downloaded the app, users will log in with a user name and password that they obtain from the OnStar Web site using their OnStar pin.
Each device that the vehicle owner wants to use to access the vehicle will have to be registered. A verification will be sent to the e-mail on file with OnStar to activate the device. Multiple devices will be allowed to operate multiple cars.
OnStar developed a custom keypad screen so passwords cannot be captured by hackers, Ravaf said.
By default, the system is set to off, so the user has to manually check a box on the OnStar Web site to activate the service. Lastly, the phone works with OnStar’s computers which sends the signals the car.
“The phone doesn’t interact directly with the car,” Ravaf said.
There are some additional security measures built into the system that Ravaf did not want to divulge to avoid giving hackers any more information than needed.
“There’s been all kinds of security put in the back,” Ravaf said.
Ravaf said OnStar worked with some of its regular computer services providers, but did not want to give names of specific companies that consulted on the project.
“We are trying to follow a lot of standard security protocols that are out there,” Ravaf said.
Jim Kobus, a communications manager for OnStar, said the company showed the apps to focus groups. He said most people seemed comfortable with the security measures. In fact, Ravaf added that some customers thought the measures were unnecessarily cumbersome.
OnStar has 5.7 million subscribers and advisers interact with 100,000 customers every day.
Computers are great. In fact, I’m using one of them now 😉
However, “Computer Security” is just an empty phrase, like “Business Ethics” or “Hollywood Sincerity.” I want to keep the names of those GM guys handy, so I can immediately begin to mock them when people’s cars start to disappear.
Language trick: Substitute the word “stupidity” for the word “security.” OK?
The announcement becomes, “GM promising stupidity that would make bankers blush.”
Get it?