OwnStar – hacking cars with OnStar to locate, unlock and remote start vehicles

OwnStar – hacking cars with OnStar to locate, unlock and remote start vehicles

OwnStar is a device that can locate, unlock and remote start any vehicle with OnStar RemoteLink after intercepting communication between the RemoteLink mobile app and OnStar servers. More technicals details to come at Defcon and in a future video.

GM/OnStar are actively working to resolve this issue!

By Samy Kamkar

Subscribe to my channel for more Applied Hacking videos: https://www.youtube.com/subscription_center?add_user=s4myk
Follow me on Twitter: https://twitter.com/samykamkar
Join my mailing list: http://samy.pl/list/

You may also like...

18 Responses

  1. One Man On Fire says:

    GM should hire you

  2. jacob zuma says:

    Dude impressive work! How do you come up with these attacks? How are you so
    creative?

  3. Colton Blumhagen says:

    As soon as I got my first vehicle with Onstar, I manually disabled it. If
    I’m not going to use it, why should I leave it to be vulnerable to hackers?

  4. CODE NAME NemoX says:

    oh. yeah. wahhhh wahhhh. wahhhh. everytime. you. tried. to. hack. my. moms.
    car. and. house. hold. STUPID MEXICAN. STUPID WHITIES. AND STUPID NIGGERS.

    FUCK YOU STUPID ILLUMINATI. ILL KILL YOU ANY DAY. ANY TIME I WANT TO.

  5. Enrique Lopez says:

    thank you so much
    I will disabled my on-star Right now, thank you again great job.
    lucky you are a hacker for the public safety and not for your profit

  6. Nathan Bowhay says:

    wow some more car hacks (man in the middle). Good news is it’s an issue
    with the app.

  7. fun911s says:

    OwnStar – hacking cars with OnStar to locate, unlock and remote start
    vehicles

  8. Garbaz says:

    Could you provide further information about the problem? Are they sending
    clear text packages you can simply read out with a MITM Attack? Or is there
    a more complex problem?

  9. Ken Elwell says:

    +Samy Kamkar delivers a great demonstration of his OwnStar device in this
    video. It leverages a vulnerability in the mobile app, not the car. So as
    long as you discontinue using the RemoteLink app until GM comes out with a
    patch.

    Of course, pulling the fuse and/or removing the antenna that OnStar uses
    also works.

  10. Aaron Muller says:

    Didn’t see it demonstrated. Can’t verify…

  11. Orlando Perez says:

    Grate niw I cant use this to steal any more cars thanks alit

  12. Raymond Doetjes says:

    Last week we had FIAT with the JEEP that provided remote access to the car
    through entertainment system *sigh* now these wankers.

    What is wrong with these people? They are the worst engineer around! When
    you use the airwaves be sure to ALWAYS authenticate, authorize and encrypt
    your data.
    Especially with powerful small processors using proper cryptography is not
    an issue anymore.

    Sjeezz… The car branch really need to step up with their security!

  13. Sandeep Kamble says:

    I really have big question. How you manage to work on this stuff every day
    ! :D

  14. r3g27 says:

    Can you hack NFC ?

  15. Paul Jauregui says:

    Nice

  16. yakyakyak69 says:

    Connected cars are a BAD IDEA!

  17. Relative says:

    Already in the CNET, Engadget, and Wired news. Good job Samy. I still
    remember when you were banned from computers. Or were you not?