Hey! That's my car driving away....

Hacker Samy Kamkar shows how after hacking the OnStar mobile app, he's able to use it to control a Chevy Volt. Credit: Samy Kamkar

Amazing what we can do with our phone. Paying the bill, finding the way to a place, measuring calories ingested or consumed, taking photos, playing games, getting back to the car by recording its parking position, opening its door and starting it...

Wait a moment. What if someone else can do the same things ... to my car?

Apparently this is exactly what can happen as Samy Kamkar has just demonstrating (see the clip).

The possibility to send commands from your cell phone to the car is opening up a door to hackers that can intercept the communication between them, learn the codes used by your cell phone as authentication and replicate them. 

At that point the hacker devices can pretend to be your phone, open the car and fire it up... And there goes your darling...

The problem, as pointed out by Samy, is not in the car but in the app you have on the phone. 

The breach can be done on the 1.4 million cars using UConnect, manufactured by FCA (FCA has recalled all cars to fix the problem and it is changing the security protocol with the app) but it just show how what is convenient (opening and firing up your car from your phone) can become a liability.

Hacking is very difficult to stop since it is stemming from malicious intent but, even more challenging, from the desire of millions of people who are trying it just for fun! And it is so difficult to stop an army of millions...

As we learn the lesson and increase security on one thing there are ten more "things" that get computerised and made accessible from remote each one potentially providing an entry door to a hacker. 

At EIT Digital we are working hard to increase security of ICT services and products but it looks to me like a never ending story. For sure security experts are unlikely to become redundant.

Author - Roberto Saracco

© 2010-2020 EIT Digital IVZW. All rights reserved. Legal notice. Privacy Policy.