Security Review: GM Onstar

By chrt00 at 10:07 pm on February 10, 2008

GM’s OnStar service has been a success for several years now. It offers owners of GM vehicles some very powerful features such as GPS tracking, stolen vehicle slowdown, remote unlock and emergency services. However, the technology also creates potential for exploitation.

Assets & Security Goals

The vehicle itself is a valuable property asset, as vehicles can be sold as parts (which can be worth more than the car) or for illegal export.

The vehicle’s tracking information is also valuable, as it can be used to learn about the vehicle’s owner.

Threats/Adversaries

Other automakers may want to tarnish GM’s reputation.

Enemies of the vehicle’s owner may use OnStar to their advantage.

Car thieves can potentially use OnStar to find vehicles.

Weaknesses

Since OnStar is both a computerized and call-center based service, social engineering techniques can be used to make the vehicle vulnerable to exploitation.

An attacker who knew the OnStar specification could control some vital parts of the system (locking, fuel system, lights).

Defenses

“Secure cellular connection that is authorized and authenticated by an OnStar server.” By authenticating communications, the vehicle should be more secure. Forgery of messages should be prevented by this authorization, provided the system implements the proper authentication controls.

Security by obscurity - the OnStar technology is proprietary and is not as well known as Windows CE or other platforms with vulnerabilities that are used in similar technologies (BMW, Fiat, Mitsubishi).

http://www.pctoday.com/editorial/article.asp?article=articles%2F2005%2Ft0310%2F05t10%2F05t10.asp

Since the OnStar system is not based on a well-documented system, it is hard to find vulnerabilities by any means other than reverse engineering, inspection at the assembly level, or insider information.

Conclusions

There are valuable assets tied in with OnStar. However, due to the obscurity of the system, it should be relatively secure until the vulnerabilities are found. Social engineering could bypass these defenses because of the call center approach, and could prove to be the biggest problem with securing the vehicle and its contents as an asset.

Filed under: Security Reviews

4 Comments »

  • 1
    Comment by raind

    March 21, 2008 @ 5:47 am

    Gee you think? would have been more interesting, ie: slowing down a car remotely, have you looked at the specs?

  • 2
    Comment by James Youngman

    March 25, 2008 @ 4:38 pm

    Given the relative prevalence of GM vehicles I’m surprised that this writeup doesn’t even consider insider attacks. Most employees will know many GM owners.

    I’m sure at least one GM employee knows at least one GM owner that they would contemplate harming. A requirement for the effectiveness of the security design is that it be unfeasibly difficult or costly for such an insider to perform an attack.

  • 3
    Comment by Avery Sawaba

    March 25, 2008 @ 7:27 pm

    “Other automakers may want to tarnish GM’s reputation.”

    Completely unnecessary. GM is already fully capable of doing that on their own.

    Am I missing the review somewhere? This seems like a high-level idea for a review based mostly on speculation, rather than any research of the subject. If an actual review or assessment were performed, I’d be interested in the results!

    Surely, it must be possible to glean specifications for OnStar, if not through official, exhaustive documentation, then surely a list could be created via first-hand experiences, or OnStar feature listings from GM marketing.

  • 4
    Comment by Employee

    May 21, 2008 @ 8:59 pm

    I actually work in one of the OnStar centers. The social engineering, while still the most feasible method to abuse the OnStar system, would still be very difficult. I went through 6 weeks of training before even getting on the phones, and a lot of that was security for the clients. There are dozens of supervisors on the floor at any given time watching to make sure we go through proper security processes, and if we don’t verify certain pieces of security information, and sign off with our name that we verified it then all the personal information cannot be given out. If it is given to the wrong person, it can easily be tracked back to who gave it out, and that is likely to be followed by termination of employment, and charges by the company.

    And that is also the same thing for having a grudge against someone with a GM vehicle. Every button I press, and every action I do to a vehicle is kept on file. Granted, not every case is reviewed, but as soon as a complaint is filed, the case is reviewed within a matter of hours, and the advisor that was on the case is either approached if he’s working, or they will actually call us to come in so they can speak with us. It has happened before, and I’ve seen it happen, but I would not have wanted to be that person.

    And the article is correct about the OnStar system being very hard to find information on. Everything inside the building is labelled as “OnStar Proprietary information”, meaning it can’t leave the building. Even my schedule is labelled as that. Hell, I’m not even allowed to have a pen/pencil and paper at my desk, because we may write something down and take it home that we aren’t supposed to. If we need to write anything down, we are given a whiteboard and erasable marker (both again being proprietary somehow) that can’t leave the building. And with all the supervisors around constantly watching us, they’d be able to tell if there was any personal information written down about a person that shouldn’t be, whether it’s the name or a credit card number. I know I’ve received a wristslap at work for writing down a client’s name and cell phone number, because I had to call them back as the car battery was dead, and the OnStar system would shut down after 5 minutes. We don’t have printers, and the OnStar environment is almost completely paper free.

    I could probably be fired even just for talking about that stuff, even though it’s positive for the system and doesn’t really expose any exploits, it’s still talking about the system in ways that most people don’t realize.
