GM Took 5 Years to Fix Full Control Hack in Millions of Vehicles Equipped with OnStar
Frequent readers of this blog know that we often look at the potential problems the introduction of new technology is likely to create. In months past we have looked at a number of the challenges presented by cars equipped with onboard computers. Onboard computers enable auto manufacturers to include many features and amenities, but there is a cost behind many of these technological improvements. For instance, cars with keyless ignitions may increase the risk of carbon monoxide poisoning due to an accidental failure to deactivate the vehicle. Likewise, the presence of numerous entertainment systems in a vehicle may lead to more frequent and severe driver distractions.
However, the concern that has made us most uneasy is the security of new vehicles whose computer systems are wirelessly networked and interconnected. Recent developments show that the hacking and tracking of a driver is no longer theoretical; it can be done in the wild.
The Rapid Progress in Vehicle Hacking
Back in 2013, people first sounded the alarm concerning the potential hacking of new vehicles with complex computerized systems after security expert Chris Valasek seized control of a Toyota Prius using a tethered (wired) exploit. At the time, auto manufacturers and others dismissed the hack because it could only be carried out with a laptop attached to the vehicle.
But in 2014, at the annual Black Hat security conference, Valasek and fellow security researcher Charlie Miller demonstrated an exploit that could function without a physical connection to the car, over the Bluetooth or WiFi interface. At the time we speculated that, with the increasing prevalence of WiFi and Bluetooth in vehicles and the announcement of cellular 4G LTE radios in vehicles, such as OnStar 4G LTE, 2015 could be the year when wireless vehicle hacking goes mainstream.
Security Researchers Remotely Kill a Jeep on a Highway
In late July Wired wrote about the potential to carry out an untethered remote hack on Jeeps. The way the author and the security researchers carried out this demonstration was reckless and cannot be recommended since it was performed on a public highway, but the demonstration provides an important warning for all drivers considering the purchase of a smart or interconnected vehicle.
The author writes that security researchers Chris Valasek and Charlie Miller demonstrated a remote hack with an array of capabilities while he was driving on I-64 outside of St. Louis. Some of the functions that could be performed once Valasek and Miller gained control of the vehicle included:
- Controlling the vehicle’s brakes including disabling the brakes and braking abruptly.
- Controlling the vehicle’s steering while it is in reverse.
- Controlling the vehicle’s AC and climate control system.
- Controlling the vehicle radio and entertainment system.
- Disabling in-vehicle control of the climate or entertainment systems.
- Controlling vehicle wipers and washer fluid.
- Displaying an arbitrary image on the in-vehicle screen.
- Controlling the vehicle’s accelerator.
Aside from the direct remote control Valasek and Miller demonstrated, their hack also raises privacy concerns since they are also able to track the Jeep’s GPS coordinates and its speed. In short, Valasek and Miller have shown that any vehicle with an IP address is vulnerable to an attack.
While a fix for this particular hack is available, it can only be installed via a USB stick or by taking the vehicle to a dealer. All drivers with UConnect-equipped Jeep Cherokees are urged to install the fix since Miller and Valasek have made much of their work public. In the coming months, malicious hackers may reverse engineer the pieces that Miller and Valasek withheld for consumer protection. Therefore, immediate action is recommended.
Miller and Valasek believe that the release of the information is not only warranted but necessary. Releasing the exploit subjects it to peer review and can result in valuable security insights. Furthermore, the release signals to automakers that they are accountable for attempting to transform cars into smartphones. Miller states, “If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers. This might be the kind of software bug most likely to kill someone.”
GM Allowed Full Control Remote Hack to Fester for 5 Years
However, recently revealed information shows that remote vehicle hacking has progressed even more quickly than we initially believed from the demonstrations provided by Valasek and Miller. In fact, a functional remote control hack of GM vehicles was developed and disclosed to GM back in 2009. Despite having knowledge of the hack for more than five years, GM only recently took effective action to address it. All previous attempts were insufficient and did not prevent the remote seizing of vehicle control from the driver. The researchers from the University of California at San Diego and the University of Washington also state that they informed NHTSA in 2009.
The hack was tested on a 2009 GM Chevy Impala, but it should work on vehicles with similar hardware where the OnStar system functions over a Verizon CDMA voice network. OnStar systems that use this network type operate in a fashion not completely different from an analog modem that listens for a certain tone to negotiate a connection. The system was designed in this fashion since, in 2009 and earlier, Verizon’s voice network had a much larger footprint than its data network. By reverse engineering the communications protocol and simulating this tone, a remote hacker could begin to gain control of the car, eventually taking control of the CAN bus.
The hack was essentially a full takeover of the vehicle. The hack could track vehicles, engage the brakes, and disable the brakes. In short and without belaboring the point, the exploit could accomplish everything that Valasek & Miller’s exploit could. According to one researcher who worked on the project, “We basically had complete control of the car except the steering.”
Researchers Believe Auto Makers Are Not Ready to Meet the Security Challenges of Connected Vehicles
Based on their knowledge, their experience, and watching GM attempt to address the problem, the security researchers state that GM was not negligent or asleep at the switch while a serious safety problem existed in its vehicles. Rather, the researchers believe that GM and other companies simply were not prepared and did not have the institutional knowledge and experience to handle these challenges. They believe that many automakers still lack this critical ability.
GM’s first known attempt to address the private exploit came in 2011 when it worked with Verizon to implement security measures on Verizon’s wireless network. The security measures were supposed to block people’s ability to open a data connection to an OnStar computer except for machines on a pre-defined whitelist. Unfortunately, this fix was not effective, and an unidentified coding or networking glitch would still permit the OnStar computer to receive unauthorized data connections about 8 to 12 percent of the time. GM states that it tweaked its protections numerous times, but these fixes proved ineffective. The security researchers were able to replicate their attack in demonstrations to PBS in 2012, and to 60 Minutes in late 2014.
Finally, in early 2015, GM apparently developed a fix that would prevent this hack from seizing full control over a vulnerable vehicle. However, the problem with older OnStar models is that there is no over-the-air (OTA) update functionality. Any software fix would have likely required a recall. Thus GM developed a method to remotely hack its customers’ vehicles to enable an OTA update feature. According to Jeff Massimilla, chief security officer for GM, “We provided a software update over the air that allowed us to remediate the vulnerability.”
Mr. Massimilla admits that “Five years ago, the organization was not structured optimally to fully address the concern.” However, he believes that GM is now positioned to respond swiftly and diligently to emerging cybersecurity threats. The proof will be in the results. GM’s fairly rapid recent fix for an exploit found in its iPhone OnStar app is encouraging, but the true test will come when we see the company’s response to the next 0-day exploit, and hopefully that exploit won’t be a 0-day public release.