BMW & Mercedes Stumble Into Car Hack Territory

August 14, 2015 at 1:14 pm By

It’s not just the American automakers that need to worry about car hacks, BMW and Mercedes-Benz also share the same vulnerabilities that make them susceptible to a GM-styled OnStar hack.

“When security researcher Samy Kamkar revealed a bug in GM’s OnStar service last month that allowed a hacker to hijack its RemoteLink smartphone app, he warned that GM wouldn’t be the only target in an increasingly internet-connected auto industry rife with security flaws,” according to Wired.

“Now Kamkar’s proven himself correct: He’s found that the internet services of three other carmakers suffer from exactly the same security issue, which could allow hackers to unlock vehicles over the internet, track them in some cases, and even remotely start their ignitions.”

Clearly the price of your vehicle doesn’t reflect the safety flaws they possess in terms of dangerous vulnerabilities that can lead to even more dangerous hacks. By hacking into, locating and unlocking cars, the device that Kamkar used to present his information is highly valuable to thieves who are looking to make their job easier. Locating vehicles can also make it easy for thieves to follow you home and the dangerous possibilities grow from there.

“Over the last week, Kamkar has analyzed the iOS apps of BMW’s Remote, Mercedes-Benz mbrace, Chrysler Uconnect, and the alarm system Viper’s Smartstart, and found that all of those internet-connected vehicle services are vulnerable to the attack he used to hack GM’s OnStar RemoteLink app,” according to the article.

Kamkar told Wired that these apps give him highly sensitive log-in information which makes it easier to pose as the real consumer. Kamkar says that each app yields a different method of control over the vehicles but the important thing to remember is whatever kind it is, he is still able to control the vehicle. Automakers like Mercedes and Chrysler have responded to the hacks by saying there simply hasn’t been one real world example of these hacks making them “unnecessary concerns.”

Read the full story.