Security top of mind as GM patches security vulnerability

Published: August 4, 2015

Updated: July 24, 2018

Author: Sean Cooper



When it comes to cybersecurity, there seems to be a never-ending battle of cat and mouse between hackers and programmers. The programmers make security a top priority, but somehow the hackers always manage to find a loophole.

This story played itself out yet again in a recent security breach in the automobile industry. As reported by LeftLaneNews, General Motors (GM) recently patched a security vulnerability where hackers could have gained full access to its OnStar RemoteLink system.

Security expert Samy Kamkar recently revealed the breach in a YouTube video. He said that he found out how to locate, unlock and remote-start any GM automobile with RemoteLink. This was done by intercepting communications made between the mobile app and OnStar servers. He said he is saving the juicier details for DEF CON, one of the world’s largest annual hacker conventions, and future YouTube videos.

However, Kamkar didn’t reveal the security breach to the entire world without first speaking to GM. Kamkar is an ethical hacker, otherwise known as a “white hat” hacker. He worked together with GM to develop a patch for the breach to stop hackers from exploiting this vulnerability. GM quickly implemented the fix, which took place on the server. If you have OnStar RemoteLink in your vehicle, no software installation is needed.

"GM product cybersecurity representatives have reviewed the potential vulnerability recently identified by Mr. Kamkar, and a fix has already been implemented to address this concern," GM said in a statement to The Detroit News. "No additional action is required by our customers."

The vulnerability came up just a week after Fiat Chrysler Automobiles dealt with a similar situation for its Uconnect infotainment systems. A team of researchers found a vulnerability that enabled hackers to take over the control of a Jeep Cherokee's brakes and steering. Fiat Chrysler Automobiles tried to sweep the problem under the carpet by quietly developing a software update. However, things didn’t go as well as planned, as 1.4 million vehicles had to be recalled.

“White knight” hackers have been sounding the alarm bells recently for possible security breaches for automobiles. With advances in technology comes the potential for security vulnerabilities. Integrated cellular connections, Wi-Fi and Bluetooth are all ways for hackers to potentially gain access to vehicles. Security fixes can be difficult to implement. If they can’t be done remotely, owners may need to visit a dealership.

"Cyber security is a global issue facing virtually every industry today, and a lot of work continues to been done at GM in this space," GM said. "Our customers' safety and security is paramount and we are taking a multi-faceted approach to secure in-vehicle and connected vehicle systems, monitor and detect cyber security threats, and design vehicle systems that can be updated with enhanced security as these potential threats arise."