Hack Attack du Jour: Kamkar cracks BMW, Mercedes, UConnect & Viper remote apps

Samy Kamkar, whose OwnStar intercept of smartphone logins to the OnStar RemoteLink app wreaked havoc on GM, is now taking hack shots at the BMW Remote, Mercedes-Benz mbrace, Uconnect and Viper connected car remote apps for iPhone (iOS).

The device does not hack the cars themselves but the smartphones using the remote apps. Kamkar uses a black box device acting as a Wi-Fi network to intercept a signal from the car app on an iPhone. The problem occurs because the apps lack SSL authentication.

Once Kamkar has the login information, he could use the apps to control the affected vehicles in different ways.

Since Kamkar doesn’t have access to all the vehicle models that use the apps, he has not been able to test his theory.

The vulnerability is a software flaw, so the app developers just need to update the apps, as GM did after Kamkar’s OwnStar hack.

Every year, around the time of the Def Con conference, hackers hack into the limelight concentrating on cars. This year had more hacks than ever before.

It started with Miller and Valasek’s remote hack of a Jeep Cherokee, causing it to go into a ditch while occupied by a Wired contributor. Chrysler updated its software to prevent further intrusions.

Then Kamkar hacked OnStar’s RemoteLink app for a Chevy Volt. At Def Con, Kevin Mahaffey, the chief technology officer at Lookout, and Marc Rogers, a researcher at Cloudflare, discovered a way to get into Tesla S’ controls by hacking into the entertainment system.

UCSD researchers discovered a way to hack into aftermarket OBD-II dongles used by Metromile and Uber.

Remote apps can be uninstalled from smartphones if drivers are worried about hacking.