Two weeks after a security researcher revealed how he could remotely control upwards of millions of GM automobiles by exploiting a vulnerability in the company’s OnStar navigation systems, the hacker now says that cars sold by Mercedes-Benz, BMW and Chrysler are similarly susceptible to attack.
A homemade box built by Samy Kamkar with less than $100 in electronics had allowed him to start car engines and unlock doors from any Internet-connected computer until GM fixed a flaw within the smartphone app that links up with its OnStar system.
But even after releasing a proof-of-concept video and discussing his exploit at the DefCon security conference in Las Vegas last week, Mr. Kamkar says that further research has revealed that other systems on high-end cars can be compromised as well.
Mr. Kamkar tweeted Thursday that he had updated his crude device, the “OwnStar,” to hack systems used by Mercedes-Benz, BMW and Chrysler.
Smartphone applications that work with those automobiles have the same problem that GM’s RemoteLink app did and could potentially be exploited to give hackers full control over critical functionality, he explained in a follow-up interview with Ars Technica, a technology website.
The “OwnStar” has to be custom built and then physically affixed to a targeted vehicle. Once that much is accomplished, however, Mr. Kamkar says it’s not that difficult for a hacker to gain remote access over the auto.
The box contains a Wi-Fi hotspot that’s configured to trick the RemoteLink phone app into establishing a connection. Once the devices begin communicating, the OwnStar exploits a security flaw in the way user credentials are sent from the app to GM’s servers, capturing that data and passing it to the person running the malicious Wi-Fi network.
Not only did the exploit work with the RemoteLink for OnStar, but an updated version of his tool can take advantage of the same vulnerability in the BMW Remote, Mercedes-Benz mbrace and Chrysler’s Uconnect services on Apple iOS devices, Ars Technica reported.
Mr. Kamkar has alerted the latest automakers discovered to be susceptible to the attack, the website added, but cautioned car owners to avoid using their apps until patches are released.
“We’re really only scratching the surface of the security of these vehicles,” he told WIRED.com this week. “Who knows what will be found when researchers look further.”
• Andrew Blake can be reached at ablake@washingtontimes.com.