by venturebeat

Researcher says he can hack GM’s OnStar app, open vehicle, start engine

Above: A mobile phone displays the OnStar app inside a Chevrolet Volt vehicle in this photo illustration taken in Encinitas, California, July 30, 2015. REUTERS/Mike Blake

BOSTON/DETROIT (Reuters) – A researcher is advising drivers not to use a mobile app for the General Motors OnStar vehicle communications system, saying hackers can exploit a security flaw in the product to unlock cars and start engines remotely.

“White-hat” hacker Samy Kamkar posted a video on Thursday saying he had figured out a way to “locate, unlock and remote-start” vehicles by intercepting communications between the OnStar RemoteLink mobile app and the OnStar service.

Kamkar said he plans to provide technical details on the hack next week in Las Vegas at the Def Con conference, where tens of thousands of hacking aficionados will gather to learn about new cybersecurity vulnerabilities.

Kamkar released the video a week after Fiat Chrysler Automobiles recalled some 1.4 million vehicles after hacking experts demonstrated a more serious vulnerability in the Jeep Cherokee. That bug allowed them to gain remote control of a Jeep traveling at 70 miles per hour on a public highway.

GM spokesman Terrence Rhadigan told Reuters via email that the company was preparing an update to the RemoteLink app that would address the vulnerability. “It’s days away,” Rhadigan said.

When asked via email if it was safe to use the app before an update is released, Rhadigan said: “We believe the chances of replicating this demonstration in the real world are unlikely. In addition, the action involves one user at a time, and would impact only that specific user’s account.”

The issue drew the attention of U.S. safety regulators from the National Highway Traffic Safety Administration.

Agency representatives discussed the issue with GM officials, who said the flaw could involve doors and engine start-stop but does not involve other critical safety systems, according to a person familiar with those discussions.

The agency responded by making some suggestions, including disabling the app’s function until customers perform the update, according to the person.

More than 3 million people have downloaded the OnStar RemoteLink mobile app for Apple iOS and Google devices, according to OnStar’s website.

(Reporting by Bernie Woodall in Detroit and Jim Finkle in Boston; Editing by Jonathan Oatis, Jeffrey Benkoe and Dan Grebler)