Last month security researcher Samy Kamkar announced a vulnerability that allowed him to remotely unlock OnStar-enabled GM cars. While that issue has been fixed, it looks like the same vulnerability found in OnStar is also present in BMW Remote, Mercedes' mbrace and Chrysler's Uconnect. Kamkar told Engadget via email, "the issue itself is the same exact SSL certificate issue that affected OnStar/GM (which they've resolved two weeks ago). It was barely any tweaking of the original system a few lines of code to add support per vehicle." Uh oh.
- The OwnStar device intercepts communication between a vehicle and its companion app and sends that information including login information to Kamkar who then has control of the vehicle via the app and can unlock it.
- If you're feeling smug about your vehicle because Kamkar hasn't called it out, you might want to curb that. The SSL certificate issue that allows a person to log in to a vehicle is pretty widespread. "Unfortunately it's prevalent among half the other mobile unlocking apps I've tested," Kamkar said. Source
No hay comentarios:
Publicar un comentario