GM Performs Stealth Update To Fix Security Bug In OnStar
An anonymous reader writes: Back in 2010, long before the Jeep Cherokee thing, some university researchers demonstrated remote car takeover via cellular (old story here). A new Wired article reveals that this was actually a complete exploit of the OnStar system (and was the same one used in that 60 Minutes car hacking episode last year). Moreover, these cars stayed vulnerable for years -- until 2014, when GM created a remote update capability and secretly started pushing updates to all the affected cars.
The only fix... (Score:5, Insightful)
The only fix for the security problems with Onstar and any similar system is total removal of the hardware and software!!!!!
That will never happen. (Score:3, Insightful)
What you propose is at variance with how the market works.
People will get upset every time an exploit is found. The vendor will give assurances that the problem has been fixed (whether it has or not), and business will proceed as usual.
You can pound your fist and say it shouldn't be that way all you like. But it is that way. All you can really do is figure out the best way to adapt to it.
Trying to control the world will only bring you stress.
Re: (Score:1)
So far it hasn't. However, if OnStar does get hacked, it might be something large enough to change the psyche of consumers here in the US.
Doesn't take much. Hurricane starts to bear down on a coastal city. Evacuation starts. Bad guy logs on, disables one set of cars leaving. When those are starting to get towed, he disables another set of vehicles. Or he just kills all OnStar-linked vehicles and drops the network by purging some core router configs and changing uplink passwords. Now the hurricane is
Re: (Score:2)
The challenge here is that many people will continue to make this defeatist argument until something very, very bad happens, because most people are not good at evaluating the risk from rare but extremely damaging events. Regulators should be stepping in to control the world of the auto manufacturers until they get their house in order on this one, because unfortunately, unlike most of the security theatre we see in the modern world, mass casualties due to compromised auto software is actually a credible ri
Re: (Score:2)
The problem is that nobody gives a rat's ass until people wind up dying on a massive scale, as in the hundreds to thousands. Even hacking a jetliner isn't going to do the trick because people are starting to get used to them being dropped out of the sky.
The biggest issue is the perception that "security has no ROI", combined with "the hackers can get us no matter what we do". Both are BS. If one looks at physical security, even the liquor store in the no-man's-land neighborhood has more than adequate phy
Re: (Score:2)
The problem is that nobody gives a rat's ass until people wind up dying on a massive scale, as in the hundreds to thousands.
Isn't the real problem that in this case that might actually happen? A few posters right here in this discussion have already described some very nasty scenarios that could have that kind of result, and the necessary proofs of concept have already been demonstrated, which is why we're having today's discussion in the first place.
All too literally, the only thing protecting us from this kind of attack right now is the blessing that there aren't yet very many people in the world with all of the knowledge, the
Re: (Score:2)
Pretty much. We have enough good people out there that act as goalie, preventing a lot of disasters. However, this is only a matter of time before we get an attack that is a perfect storm where the good guys were not able to stop it.
In the past, we have had two groups: People who had the will to do harm, and would do anything to do it, and people who had the way and knowledge to do harm... but who were not into hurting people as their primary reason of existing. However, as things change, we are startin
Re: (Score:2)
Oh no! More regulations? Are you a communist?!?! Bwahahaha
Re:The only fix... (Score:4, Interesting)
Or at least the car manufacturers should give the purchaser the OPTION on whether to have this hardware/software installed or not.
It used to be an "option"...why did it now become a standard fixture? Sadly it seems these systems are so integrated now, you can't keep the car functioning without them.
It should be a modular thing that you can request to have or not have....
Are there any good ways to disable OnStar and the Uconnect apps, and prevent them from communicating wirelessly at least?
Re:The only fix... (Score:4)
OnStar is GM's version of ongoing revenue stream from previous customers.
Re: (Score:1)
Find and remove antenna feed.
Re:The only fix... (Score:5, Informative)
3 ways to deactivate OnStar [wikihow.com]
Re: (Score:2)
that you can request to have or not have
Last time I went to buy a car (2010) I was told by two different dealerships (Hyundai and Ford) that requesting anything was no longer "a thing" (though I could buy an aftermarket radio upgrade at full price plus installation and no, they won't deduct the cost of the basic radio from the car). You can't even ask for them to get a car in a certain color (in my case, silver, not some freaky special order limited edition "burnt yellow ice" or whatever). You can buy wha
Re:The only fix... (Score:4, Informative)
Wow..that's strange. I mean, on both the Ford and Hyundai websites, you can select and build out any model of their car offerings you want.....
I know they want to sell you one from stock, but as far as I know, choosing your car model, color and whatever options are available (some cars do have very limited options, but others have more) is still in the cards for most car shoppers.
It is just the wireless, phone home control centers in cars that I don't want....hell, I'd actually prefer mechanical analog gauges....one less thing to break due to some electrical gremlin....
Re: (Score:2)
Actually, that demand does exist...
Look at a Nissan Versa:
http://www.nissanusa.com/cars/... [nissanusa.com]
You can get that car for about $11k, or even less if you haggle well or they have rebates...
For $11k, it doesn't have all those options that bother some people.
So that market does exist, but what the OP above you wants is a middle ground car with just some nice features, but not others, and almost no one wants that, so no one builds it.
Re: (Score:2)
The only reason the Nissan Versa doesn't have those options is because it is being aimed at the entry-level market where price is the overriding criterion for most buyers. Here, it is in the manufacturer's intere
Re: (Score:2)
Untrue. Plenty of people want it, but it isn't offered because the manufacturer puts its own interests first.
Citation needed...
---
The irony is that you think GM is putting sat radio into cars because they don't want to sell cars. If GM thought they could sell more cars by keeping it out, they would.
OnStar used to be a real cost and was offered only in more expensive vehicles and higher end trim lines. Now the cost is trivial and at some point becomes cheaper to just make standard equipment rather than an option.
This is not unlike how air conditioning used to be optional, but is now standard because the cost of i
Re: (Score:2)
Most people would likely say, "sure, put it in if it is free, so long as I don't have to use it (and they don't)".
It helps the car makers that the overwhelming majority of people have no idea how much their security and/or privacy are actually being compromised by these new systems.
"Do you like our new advanced recovery system? It automatically calls for help and sends your location if someone crashes into your car, so it might save your child's life one day."
"Thanks, that's great to know."
vs.
"Do you like our new advanced insecurity system? Because we're incompetent at software development, any punk with a $10 black ma
Re: (Score:2)
On the plus side, self-driving cars will require a level of software security that existing cars don't.
You talk about accelerating to 100mph, but keep in mind the brakes always work, they are required to, and they are required to be able to overpower the engine.
You can also always turn off the car, and if you have keyless, press and hold the button for 4 seconds, that kills the power (much like it does in your locked up computer).
But a self-driving car? That needs some serious security.
Re: (Score:2)
You can also always turn off the car
Unfortunately, in modern vehicles even that doesn't always work [theregister.co.uk].
These kinds of failsafe should be completely reliable, and it's crazy that they aren't, but it seems auto makers are just trying to be too clever with what they do in software and they sometimes get it wrong.
Re: (Score:2)
Nothing in life is "completely reliable", but I get what you're saying.
At least they are doing a recall and fixing it. :)
Re: (Score:2)
Wow, I didn't know there was a more stripped down head unit with Sirius than my Chrysler non-display unit. Even my el-baso model has separate buttons for SAT, AM/FM, CD, and BT/AUX
Re: (Score:2)
While there is some truth to that...
There is also truth to the fact that building the same car, one with sat radio and one without, can actually cost more than just building them all with it...
It costs money to change the configuration, to have different parts on hand, to have 2 build sheets in the factory...
What does it really cost to add sat radio to a car? A few dollars? The radio itself is just a computer these days, that is software so the cost is developing the software, not installing it. Then you
Re: (Score:2)
Ok, so you'd like your $3 back that sat radio added to the cost of your car?
Fair enough, if you made that a condition of the sale, I'm sure the sales manager would take $3 out of his pocket and hand it to you to close the sale.
You're leaping over dollars to pick up pennies, sat radio adds a trivial cost to the price of your car. That is why it has become all but standard in just about everything these days, other than $11k econoboxes.
Re: (Score:1)
Absolutely! If an electric clock cannot withstand 10-15 years of use (one in my Honda, the other in my Toyota), I can't imagine the fun the electrical gremlins will have with an electronic dash. Will be interesting to see how many 'modern' cars can last 20-30 years and how the electronic dash fares.
Re: (Score:1)
I can give you some foresight, a family member has a 2003 truck with an electronic gremlin. The electronics think there is a problem with the engine even though there isn't so it kicks the throttle into an "emergency mode" once in a while that doesn't allow you many more RPMs than an idle, at least until you pull over and turn the key off for a few minutes. A month or so back things started to get real interesting, now it doesn't always recognize what gear you're in so the door locks will engage/disengage
Re: (Score:2)
Insurance companies generally total any car older than 10 years whose airbags deploy. Which usually ends the car.
Only going to get worse with 12 airbags. I'm betting a full airbag deploy on one of those 3 years old is 'totaled'.
Re: (Score:2)
Maybe it's a Texas "Independent Dealer" thing. I just punched in my zipcode on the Hyundai website, selected a Sonata and built it out and at the end it gives me an "inventory search" button and tells me there's a dealer with that color and package 15.66 miles away. I picked a different Sonata in "lakeside blue" and got to the end and the inventory search told me there were none available
Re: (Score:3)
The ironic thing is when I went with a friend of mine who was looking at a Ford, the Ford rep confirmed that nothing on the lot would work (and other dealerships didn't have the configuration needed), and offered to have it built to order from a spreadsheet with the list of options. The price was well under MSRP as well.
I'd probably say the sales rep or the dealer was full of it, and just were wanting to move inventory as opposed to make sales.
One trick I learned (as a rule of thumb) is to find more rural
Re: (Score:2)
With that said, GM won't let you order a car without OnStar unless you're a fleet/rental customer (fleets don't want them and have enough monetary clout to get what they want).
Are you kidding, fleet purchasers LOVE OnStar unless they already have an alternative telematics provider that they use that can't tap into the OnStar system.
Re: (Score:2)
This is why I buy BMW. I can request everything and even pick it up in Germany at the plant, drive it around the Ring a few times and then they will ship it to the USA for me for it to arrive when I arrive back in the states.
Cadillac and Lincoln? They don't give a rat's ass about the customer, and that is why they are both at the bottom of the heap for luxury car sales.
Re: (Score:2)
Last time I went to buy a car (2010) I was told by two different dealerships (Hyundai and Ford) that requesting anything was no longer "a thing"
Then you need to find a new dealership...
When I ordered my 2015 GMC Yukon XL, I sat down with the dealership's order guy and we went through the order form on the computer together, picking out the exact options and order codes that I wanted. It was easy since I had already looked up online what I wanted and had that info with me.
6 weeks later, the truck showed up at the dealership, just as ordered, and they sold it to me for the price we agreed on at the time I ordered it (about $750 below dealer invoice)
Re: (Score:1)
Or at the very least physically disable its ability to wirelessly communicate with any outside system by destroying/disabling the hardware/antennas.
Re: (Score:2)
Already did it about the same time I bought the car. It's useless crap really.
Re: (Score:2)
Software can no longer afford to be static. It needs to roll with the punches of exploits and support updates out in the field at a moment's notice.
Or we could just, y'know, not connect every essential system in the universe to arbitrary remote devices, some of which will inevitably be compromised or otherwise hostile.
Watching the train wreck we're calling the Internet of Things is like watching cloud computing all over again but ten times worse. It seems the manufacturers can't get enough of it because of the hype train and so most of their customers get on board as well, even though they don't really know whether there's anything in it for them or ha
Re: (Score:2)
The only fix for the security problems with Onstar and any similar system is total removal of the hardware and software!!!!!
Although true, it's probably not what GM wants. The easiest way to fix this while keeping the product alive is to stop remote updates. It should be an active decision to update your car the same way it is for updating a NAS or SCSI controller firmware.
In addition, there should be a disconnect between the entertainment system and the car's operating functions. I don't understand why the same computer needs to handle both work loads as they do not cross over in functionality or need.
Why "the same computer" does so much in cars (Score:2)
I don't understand why the same computer needs to handle both work loads as they do not cross over in functionality or need.
There is a half-truth here.
The underlying problem is that a lot of the electronic systems within most modern cars probably communicate using an insecure channel. The systems were designed with the assumption that the other devices on the same bus were trustworthy. And of course, they typically were, before remote access came along.
Today that assumption no longer holds, but a lot of systems that seem unrelated do actually have genuine reasons to interact to some degree. For example, consider a modern system
Re: (Score:2)
I agree with everything you said except that it doesn't explain the connection between the systems
However, that system needs to know whether a crash has occurred, and how is it going to do that? It needs access to some sort of sensor, but by its nature that same sensor is probably also used by some of the other modern systems that provide collision avoidance/mitigation features. Bang, now you've a link between a system that has remote communication capabilities and a system that has a need for direct control of essential vehicle systems.
This is a problem that is easily solved by providing read only access to sensor data. There is no reason for the external communication systems to allow write operations of any sort.
Re: (Score:2)
This is a problem that is easily solved by providing read only access to sensor data. There is no reason for the external communication systems to allow write operations of any sort.
Absolutely true, but unfortunately a lot of cars shipping today have a CAN bus architecture that can't make that distinction, and the components communicating via the bus aren't set up with the necessary security in mind either. That's a large part of the problem here.
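The read-only idea from this exchange, as an added example that is not part of the original thread or any manufacturer's code: a one-way gateway between the vehicle bus and the telematics unit that forwards only allowlisted sensor frames outward and drops everything arriving from the telematics side. The frame IDs, payload lengths and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Segment(Enum):
    VEHICLE = "vehicle"        # powertrain/chassis bus (trusted side)
    TELEMATICS = "telematics"  # segment that holds the cellular modem


@dataclass(frozen=True)
class Frame:
    can_id: int      # 11-bit identifier (constructed values below)
    data: bytes      # payload, 0 to 8 bytes
    # Set from the physical port the frame arrived on, never from its
    # contents: a classic CAN frame carries no authenticated sender.
    source: Segment


# Hypothetical allowlist: sensor broadcasts the telematics unit may read,
# mapped to the exact payload length expected for each identifier.
READABLE_SENSOR_IDS = {
    0x120: 8,  # constructed: crash/airbag status
    0x1A0: 4,  # constructed: vehicle speed
}


class OneWayGateway:
    """Forwards allowlisted frames vehicle -> telematics; nothing goes back."""

    def __init__(self, allowlist):
        self.allowlist = dict(allowlist)
        self.dropped = []  # (frame, reason) pairs kept for audit and alerting

    def handle(self, frame):
        """Return the frame to forward to the other segment, or None."""
        reason = self._reject_reason(frame)
        if reason is not None:
            self.dropped.append((frame, reason))
            return None
        return frame

    def _reject_reason(self, frame):
        if frame.source is Segment.TELEMATICS:
            return "write attempt from telematics segment"
        if not 0 <= frame.can_id <= 0x7FF:
            return "identifier out of 11-bit range"
        expected = self.allowlist.get(frame.can_id)
        if expected is None:
            return "identifier not on allowlist"
        if len(frame.data) != expected:
            return "unexpected payload length"
        return None


def run_sample():
    """Run constructed traffic through the gateway; return (forwarded, dropped)."""
    gw = OneWayGateway(READABLE_SENSOR_IDS)
    traffic = [
        Frame(0x120, bytes(8), Segment.VEHICLE),             # readable sensor
        Frame(0x1A0, b"\x00\x3c\x00\x00", Segment.VEHICLE),  # readable sensor
        Frame(0x200, bytes(8), Segment.VEHICLE),             # internal only
        Frame(0x120, bytes(8), Segment.TELEMATICS),          # inbound write
        Frame(0x1A0, bytes(8), Segment.VEHICLE),             # wrong length
    ]
    forwarded = [f for f in traffic if gw.handle(f) is not None]
    return forwarded, gw.dropped


if __name__ == "__main__":
    fwd, dropped = run_sample()
    print(len(fwd), "forwarded;", [reason for _, reason in dropped])
```

The direction check only works when the gateway sits physically between two separate bus segments; on a single shared bus every node can transmit any identifier.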
Re: (Score:2)
You are incorrect, it is very simple to make 100% secure.
You find the OnStar antenna wire, and remove it from the telematics module.
Honestly in today's world only a fool wants OnStar. You have a freaking cellphone in your hands, your infotainment system can use BT tethering to get any data. Why the car needs its own connection is utterly insane.
And yes, I know remote unlocking from the onstar service, sorry but if you lock your keys in the car on a regular basis, you deserve to have to pay for a new win
Soo.. (Score:3)
Did it install Windows 10?
The update also included (Score:1)
Not touched upon in the story is that the update also included a stealth download of systemd.
Comment removed (Score:4, Funny)
Re: (Score:2)
My 2001 Crown Victoria Police Interceptor has been modified slightly to emit a protective haze of burnt oil to stealthily evade hackers. What's more, the suspension has been recalibrated to bob and duck at the slightest bump, and shake violently at speeds above 40 miles per hour in an attempt to elude hackers' signals. Finally, I use crippling student debt technology to ensure that flipping on my dome light and barking orders to OnStar does virtually nothing to the vehicle. For added protection, you can put the car into 'stealth mode' if you have an arts degree by avoiding oil changes and fuel in exchange for more ramen this month.
Does the cigarette lighter work?
Glacial speed of fixing critical bugs (Score:3)
Re: (Score:2)
Can any company be trusted?
No, but how likely is it that your compromised smart TV is going to be used to kill you?
Re: (Score:3)
Quite high.
Kiddie calls a SWAT on your home.
Kiddie makes your smart TV switch to a video of a violent scene that matches the call and turns the volume up to 90%.
SWAT team kills you, sees it's just the TV, then kills your family and dog out of spite.
GM Uses the Exploit to Push the Update (Score:1)
"Created a remote update capability" by exploiting the very same bug.
This is not reassuring (Score:5, Interesting)
From GM chief product cybersecurity officer Jeff Massimilla:
“We were able to find a way to deliver over-the-air updates on a system that was not necessarily designed to do so.”
They hacked it so they could hack it. I'm glad GM has my back.
Re: (Score:3)
Missed the most important quote somehow:
“We were able to find a way to deliver over-the-air updates on a system that was not necessarily designed to do so.”
Re: (Score:3)
And without authorization from the owner of the car, or notification it was being done.
So, violation of the computer fraud and abuse act?
Sure sounds like hacking to me. Oh, but it's a corporation, so it's OK.
"secretly started pushing updates" (Score:2)
That's pretty laden with strong, negative emotional connotations. What's the justification?
Why not just read it as they started quietly pushing updates?
Re: (Score:2)
Quietly: suggests caution, or even wisdom, due to security and safety concerns
Secretly: suggests a pure profit motive. Avoid scaring people so they keep buying our cars
The full story is probably a mix of the two.
Re: (Score:2)
Nutria's corollary to Hanlon's Razor: never ascribe to malice what can adequately be ascribed to bureaucracy.
IOW, they certainly wondered why they needed to send out millions of post cards (which is how auto companies communicate with their users) when just fixing the problem is so much simpler.
Who needs it? (Score:2)
I didn't know stealth was an available upgrade, not sure how I'd use it except to avoid speeding tickets.... Oh wait....
Really? (Score:2)
These people touting the exploits end up getting laughed out of IEEE conferences by manufacturers and their butt bu
Bullshit on the secret updates (Score:2)
How does a consumer test for the vulnerability? (Score:5, Interesting)
As someone who drives a GM car that came with an OnStar antenna, a rearview mirror full of OnStar buttons, and an OnStar free trial... How do I determine whether or not my car is vulnerable? Whether it received the patch? Which generation of OnStar my car has?
I haven't had anything to do with OnStar since I was driving down the interstate and suddenly received a loud and unexpected phone call from a fucking OnStar telemarketer. My trial, which came with the car and which I hadn't used, was about to expire, so they decided to make a sales call. To my car. While I was driving. Out of nowhere, the car muted the radio, made some very loud dinging noises, and started blasting an unknown woman's voice over the stereo system while I was driving down the highway. She's asking me if I want to sign up for OnStar at such and such monthly rate. I have never been so distracted by anything while behind the wheel of a car, and vowed never to use any OnStar service again.
I'd just like to know whether or not the OnStar in my car, which I had hoped was disabled after not paying for it, will attempt to kill me again.
Re: (Score:2)
You will need to pull the fuse or disconnect the communication module. Otherwise, it is still vulnerable to hacking and/or (probably) a FISA rubber stamp.
Re: (Score:2)
All of them have problems; disconnect the OnStar antenna from the module and stop worrying.
Still broken. (Score:2)
OnStar is easily compromised via MTM attack and has been for 2 decades now. They need to give it decent encryption and allow the car owners to set passwords/PIN numbers in the car system themselves that the car will ignore all communication attempts without it.