Security Review: GM Onstar
GM’s OnStar service has been a sucess for several years now. It gives many services to people with GM vehicles. It provides some very powerful features such as GPS tracking, stolen vehicle slowdown, remote unlock and emergency services. However the technology imposes potential for exploitation.
Assets & Security Goals
The vehicle itself is a valuable property asset, as vehicles can be sold as parts (which can be worth more than the car) or for illegal export.
The vehicle’s tracking information also is valuable information in learning about the vehicle’s owner.
Threats/Adversaries
Other automakers may want to tarnish GM’s reputation.
Enemies of the vehicle’s owner may use it OnStar to their advantage.
Car theives can use OnStar to potentially find vehicles.
Weaknesses
Since OnStar is both a computerized and call-center based service, social engineering techniques can be used to make the vehicle vulnerable to exploitation.
If someone knew the OnStar specification, the attacker could control some vital parts of the system (locking, fuel system, lights).
Defenses
“Secure cellular connection that is authorized and authenticated by an OnStar server ” By authenticating communications, the vehicle should be more secure. Forgery of messages should be prevented by authorization given the system implements the proper authentication controls.
Security by obscurity - the OnStar technology is proprietary and is as well as well known as Windows CE or other platforms with vulnerabilities that are used in similar technologies (BMW, Fiat, Mitsubishi)
http://www.pctoday.com/editorial/article.asp?article=articles%2F2005%2Ft0310%2F05t10%2F05t10.asp
Since the OnStar system is not based on a well documented system, it is harder to find vulnerabilities other than reverse engineering, inspecting at the assembly level, or insider information.
Conclusions
There are valuable assests tied in with OnStar. However, due to the obscurity of the system, it should be relatively secure until the vulnerabilities are found. Social engineering could bypass these methods due to the call center approach, and could pose to be the biggest problem with securing the vehicle and its contents as an asset.
Comment by raind
March 21, 2008 @ 5:47 am
Gee you think? would have been more interesting, ie: slowing down a car remotely, have you looked at the specs?
Comment by James Youngman
March 25, 2008 @ 4:38 pm
Given the relative prevalence of GM vehicles I’m surprised that this writeup doesn’t even consider insider attacks. Most employees will know many GM owners.
I’m sure at least one GM employee knows at least one GM owner that they would contemplate harming. A requirement for the effectiveness of the security design is that it be unfeasibly difficult or costly for such an insider to perform an attack.
Comment by Avery Sawaba
March 25, 2008 @ 7:27 pm
“Other automakers may want to tarnish GM’s reputation.”
Completely unnecessary. GM is already fully capable of doing that on their own.
Am I missing the review somewhere? This seems like a high-level idea for a review based mostly on speculation, rather than any research of the subject. If an actual review or assessment were performed, I’d be interested in the results!
Surely, it must be possible to glean specifications for OnStar, if not through official, exhaustive documentation, then surely a list could be created via first-hand experiences, or OnStar feature listings from GM marketing.