GM’s OnStar service has been a sucess for several years now. It gives many services to people with GM vehicles. It provides some very powerful features such as GPS tracking, stolen vehicle slowdown, remote unlock and emergency services. However the technology imposes potential for exploitation.<\/p>\n
<\/p>\n
Assets & Security Goals<\/strong><\/p>\n The vehicle itself is a valuable property asset, as vehicles can be sold as parts (which can be worth more than the car) or for illegal export.<\/p>\n The vehicle’s tracking information also is valuable information in learning about the vehicle’s owner.<\/p>\n Threats\/Adversaries<\/strong><\/p>\n Other automakers may want to tarnish GM’s reputation.<\/p>\n Enemies of the vehicle’s owner may use it OnStar to their advantage.<\/p>\n Car theives can use OnStar to potentially find vehicles.<\/p>\n Weaknesses<\/strong><\/p>\n Since OnStar is both a computerized and call-center based service, social engineering techniques can be used to make the vehicle vulnerable to exploitation.<\/p>\n If someone knew the OnStar specification, the attacker could control some vital parts of the system (locking, fuel system, lights).<\/p>\n Defenses<\/strong><\/p>\n “Secure cellular connection that is authorized and authenticated by an OnStar server ” By authenticating communications, the vehicle should be more secure. Forgery of messages should be prevented by authorization given the system implements the proper authentication controls.<\/p>\n Security by obscurity – the OnStar technology is proprietary and is as well as well known as Windows CE or other platforms with vulnerabilities that are used in similar technologies (BMW, Fiat, Mitsubishi)<\/p>\n http:\/\/www.pctoday.com\/editorial\/article.asp?article=articles%2F2005%2Ft0310%2F05t10%2F05t10.asp<\/a><\/p>\n Since the OnStar system is not based on a well documented system, it is harder to find vulnerabilities other than reverse engineering, inspecting at the assembly level, or insider information. There are valuable assests tied in with OnStar. However, due to the obscurity of the system, it should be relatively secure until the vulnerabilities are found. Social engineering could bypass these methods due to the call center approach, and could pose to be the biggest problem with securing the vehicle and its contents as an asset.<\/p>\n","protected":false},"excerpt":{"rendered":" GM’s OnStar service has been a sucess for several years now. It gives many services to people with GM vehicles. It provides some very powerful features such as GPS tracking, stolen vehicle slowdown, remote unlock and emergency services. However the … Continue reading
\nConclusions<\/strong><\/p>\n