Unlock and start General Motors cars with a $100 box of tricks – hacker

Anyone with $100 spare for electronic components, and some technical skills, can wirelessly track, unlock, and start General Motors cars that have OnStar fitted, it is claimed. OnStar is a cellular service that piggybacks AT&T's cellphone network to connect vehicles to the internet: equipment in the car connects to the 'net …

  1. Anonymous Coward

    Funny isn't it...

    How everyone is so very sorry when they are caught.

    Not that they seem to be all that sorry, but you know what I mean.

  2. JeffyPoooh
    Pint

    "3D printed lockpicker"

    Very impressive that he could 3D print the entire lockpicker, presumably including the stepper motor, the solenoid, the wiring, and the Arduino microcontroller circuit card assembly.

    How much is a cartridge of Arduino Paste anyway?

    Oh, by the way, did he 3D Print this latest project? The 'OwnStar'?

  3. Winkypop Silver badge
    Devil

    "GM takes matters that affect our customers' safety and security very seriously."

    But not quiiiiite that seriously to do a good job the first time around.

    1. Anonymous Coward

      Re: "GM takes matters that affect our customers' safety and security very seriously."

      But not quiiiiite that seriously to do a good job the first time around.

      Hmm, unless you have more information that has not been expressed in the reporting that strikes me as an unfair assumption. Have you ever had a pause in the endless stream of Windows security updates since Windows 3.1? Never had any Android and iOS apps updates?

      Mistakes are made, and it is a good sign that GM is actively engaged with the researcher to address the problems. I am probably not the only one who would worry about remote controlled locks and ignition, but that is a conceptual issue - if you don't want that, don't buy a car with OnStar. It's a bit like that Mercedes rescue system - don't have it installed if the ability to be overheard without your knowledge bothers you.

      I suspect this is not the last problem we see unearthed, and I think it is better to see this as positive than create so much noise that companies are tempted to hide such things from us instead of fixing them.

      1. Anonymous Coward

        Re: "GM takes matters that affect our customers' safety and security very seriously."

        Being able to hack remotely starting the engine seems like a serious problem. There are circumstances when starting a car engine without warning could maim or kill people.

        1. Anonymous Coward

          Re: "GM takes matters that affect our customers' safety and security very seriously."

          How?

          This is remote start, not drive.

          Many alarm systems can do this.

          1. This post has been deleted by its author

          2. Anonymous Coward

            Re: "GM takes matters that affect our customers' safety and security very seriously."

            >How?

            It would be best not to have a body part near a suddenly moving, hot or electrified component when the car unexpectedly starts. It would also be bad to have the car run its engine inside an unventilated space or where the fumes can leak into residential space.

  4. iLuddite

    seriously, we take your security

    Just add one more to the historical list:

    It's unsinkable.

    Just go down the road, you can't miss it.

    The cheque is in the mail.

    My Computer.

    Free apps.

    We only want to keep you safe.

    We take your security seriously.

    1. joshimitsu
      Coat

      Re: seriously, we take your security

      That would be "hysterical" list.

    2. Anonymous Coward

      Re: seriously, we take your security

      "Your call is important to us"

      "Free"

      "We value our customers"

      1. Dan Paul

        Re: seriously, we take your security

        "Unlimited Data"

    3. Trigonoceps occipitalis

      Re: seriously, we take your security

      This is the year of Linux on the desktop.

  5. Neil Barnes Silver badge
    FAIL

    How many bloody times?

    It's easy: don't put these sort of systems in places they don't belong.

    The vast majority of car journeys contain only the driver, who has exactly no need of a wireless internet within the car. Of the rare occasions where passengers are carried, how often will said passengers require the use of a device which does not of itself have internet connectivity?

    Start making cars which are transport devices and not mobile hotspots. And start that by restricting the essential operational and security functions to their own private wired networks.

    1. joshimitsu
      Devil

      Re: How many bloody times?

      Comes in useful for 8-12 seat private hire minibuses, also camper vans etc. But still. This only needs to be a hotspot with maybe access to the ICE. Really dumb to have the car's control systems accessible over the Internet.

    2. JeffyPoooh
      Pint

      Re: How many bloody times?

      I wish that vehicle entertainment systems would include a wifi client, a huge SSD, and a podcast manager. Each middle of the night, the car would use the household access point to download the latest audio podcasts from BBC.

  6. 0laf
    Facepalm

    Just hook it all up to the CANBUS what could go wrong.....

  7. Boris the Cockroach Silver badge

    Whoever

    thought it would be a good idea connecting car control systems to the internet should be taken out of the factory to the sheds round the back and given a damn good kicking.

    You don't do it in aerospace stuff because a hack to the control systems can kill people... so why allow it in cars?

    1. JamesPond

      Re: Whoever

      er that would be the hacker then.

    2. JamesPond

      You don't do it in aerospace stuff

      ..er actually they do,

      http://www.theregister.co.uk/2015/05/19/airplane_hacking_panic_why_its_a_surely_a_storm_in_a_teacup/

  8. quartzie

    Man in the replay....

    Rather than a man in the middle, I'd classify the approach as a drive-by replay attack.

    1. Anonymous Coward

      Re: Man in the replay....

      Hah!

      Some of these models are not wide enough to accommodate a man in the middle!

      Oh, wait ..

      (yes, it's Friday)

  9. MaddMatt

    looks like a single-board computer

    As far as I can tell, it's a Raspberry Pi B or B+.

    Hurrah for the British ingenuity. It really can do anything.

  10. Borg.King

    $0 rock

    . . . seems cheaper, and much easier, and works on more than just GM's cars.

    1. Michael Wojcik Silver badge

      Re: $0 rock

      Some thieves prefer to avoid this approach, as opening the door will then set off the car alarm, which is annoying to people in the neighborhood. Even criminals can show a bit of courtesy by unlocking the car silently.

  11. Anonymous Coward

    No surprise here

    The hackers and engineers/programmers who failed to employ proper security should all be sentenced to prison time. Hackers should get a minimum of ten years in the slammer.
