A YouTube video shows a hacker accessing a GM vehicle equipped with OnStar RemoteLink.
Infotainment systems supplier Harman International insists that a security issue that led to the recall of 1.4 million vehicles last month is limited to products sold by Fiat Chrysler Automobiles.
The problem was discovered by a pair of cybersecurity experts who used the vulnerability to take control of a Jeep Cherokee, at one point sending the vehicle skidding into a ditch. The revelation led to a recall by FCA and has triggered an investigation by federal regulators who have grown concerned about the threat hackers pose to increasingly high-tech automobiles.
Separately, another security expert has posted a video on YouTube showing how he claims he can hack into General Motors’ OnStar technology.
“We do not believe this problem exists in any other car outside of Fiat Chrysler,” Harman Chief Executive Dinesh Paliwal says, referring to the security hole in some of the maker’s infotainment systems.
Harman International Industries is a major supplier to the auto industry under a variety of brand names. Its other customers include BMW, Daimler and Volvo.
It was the source of the Uconnect telematics system on the Jeep that became the subject of widespread news coverage last month after tech publication Wired showed how two cybersecurity experts took control of the vehicle remotely.
(Hacking is becoming an increasing threat to American motorists, Click Here for the story.)
A Wired journalist winds up in a ditch after hackers took control of this 2014 Jeep Cherokee.
According to Paliwal, hackers Charlie Miller and Chris Valasek tapped into the Jeep Cherokee through a cellular phone linked to the Harman-supplied system via Bluetooth. That then allowed them to hack into a “hole,” or port opening into the vehicle’s internal computer network.
The two security experts advised FCA of the problem before going public and the maker quickly issued a software fix. One concern is whether all potentially affected vehicles will be updated. But the National Highway Traffic Safety Administration announced over the weekend that it would investigate whether other Harman systems might face similar vulnerabilities.
During a visit to Detroit last month, NHTSA Administration Mark Rosekind stressed that the use of high-tech systems on today’s vehicles poses an increasing risk of hacking. Experts warn that there are numerous potential ways for hackers to attack a vehicle, including through Bluetooth gateways, the new 4G LTE systems many makers are installing, and even through such seemingly innocuous wireless links as the tire pressure monitoring systems all vehicles are now required to use.
According to Harman’s Paliwal, the Uconnect system that was breached is an older design that doesn’t incorporate the security features found on newer models.
“It’s a unique situation,” the CEO said during a conference call. “We believe based on our assessment with all other customers we supply our system to that the Chrysler system is the only one exposed to this particular experimental hack.”
(Bosch, TomTom developing new maps for autonomous vehicles. For more, Click Here.)
But cybersecurity experts are growing increasingly concerned, and contend that hackers are starting to divert more of their time and resources away from computers and smartphones to go after automotive targets.
That concern could be highlighted by the video researcher Samy Kamkar posted on YouTube showing how he allegedly hacked into a GM vehicle using the maker’s OnStar telematics system. Using the RemoteLink service, Kamkar says he was able to find the location of the vehicle, unlock its door and even start its engine.
“GM takes matters that affect our customers’ safety and security very seriously,” GM said in a statement. “GM product cybersecurity representatives have reviewed the potential vulnerability recently identified. In working with the researcher, we moved quickly to secure our back-office system and reduce risk.”
Adding that the company does “take all cyber matters seriously,” it conceded that “further action is necessary on the RemoteLink app itself,” with an update under development.
GM offers OnStar on dozens of models sold in the U.S. A number of competitors, including Hyundai, Mercedes-Benz and Toyota offer similar systems.
(Audi, BMW and Mercedes form unusual alliance to take a lead in a key autonomous vehicle tech. Click Here for the story.)
Why would anyone be concerned about hackers? /s
They hack banks, government agencies, corporations, autos and individuals daily and now all of a sudden security is important? Why wasn’t security paramount when these entities established their computer related devices? Without security being the number one priority more massive hacking will continue daily.
This should be amusing and confusing to some when their AV takes them to Los Angeles when they programmed it to take them to New York.
THIS problem may be limited. Others will not
Only limited by how many are sold and how many other designs are very similar = probably a lot. Hackers can already unlock many different vehicles that use digital keys. Crims in Europe have also found a means to show up with a new digital key and matching ECM that they just swap out with the parked car and the new key opens the doors and allows the vehicle to be driven away without a scratch on it.
It all goes back to allowing Microsoft to sell defective operating systems with complete impunity. Now reality is starting to hit home that the lack of security and defect free software has serious consequences.