[YT]http://www.youtube.com/watch?v=7g0pi4J8auQ[/YT]

I'll be the first to admit I love technology, but I'm also the first to rip out every type of data connection that has any contact with the motor functions of my vehicle, and the one who hides behind numerous firewalls and layers of encryption. If there is an entrance, someone will find a way to open it and get in. If there is not an entrance, someone will MAKE one.

The video didn't mention that from inside the plants there is NO access to the internet. They thought that protected them from this type of event, but anything that passes data to the computer is a "door". Flash drives for example.

That'* scary stuff. And it'* only beginning, makes you wonder what will happen in the near future. Skynet comes to mind.

There have been a few people who have claimed to have plugged into the OBD-II port of CAN-based vehicles and been able to change radio stations, engage the brakes, and other nasty stuff.

Assuming it'* all true, it implies CAN bus access, which means that an adversary: (a) has OBD-II cable connected to your car and his computer, or (b) has studied GMLAN protocol documentation and developed a remote control device that has been soldered onto your car somewhere.

Just because a network is isolated doesn't mean that security is an afterthought. Not having a CAN- or GMLAN-enabled vehicle, I haven't paid much attention to the matter.

Makes me wonder what can be manipulated by a saavy Tech who can hack into OnStar Colin. Just how far can one command funtions through that network. I know they can track the car, lock the windows, shut off the engine. Is it possible complete PCM control can be had through OnStar and someone who has breached GM'* OnStar satellite system???

Knowing business software, I'm sure the developers abstracted and simplified things. As far as remote control, the call center reps likely only have the Track Vehicle, Lock/Unlock Doors, and Kill Fuel buttons on their screen.

But is that all OnStar is capable of, or can some disgruntled engineer write his own command sender and do things that the original designers never intended?

If GM has ever rolled out updates to OnStar that retroactively apply to older cars (e.g., "OnStar can now do X and Y, even on older cars, no new hardware needed!"), then chances are the answer is yes.

OnStar is a closed protocol, as are the doors of GM'* server room. We won't ever know much about how secure it is until the first hack takes place and the media jumps down their throat.

No one ever thought to secure HTTP, IP, DNS, SNMP, or SMTP; only later did they realize that they should bolt on some protection (HTTPS, IPsec, SNMPv3, SMTP-AUTH).

Seeing Playstation and several immense bank and credit entities take huge hits,.... protocol can't be developed "bulletproof". It has come to the point I am seriously thinking of having all my credit/debit account numbers changed and reverting to buying only in the real world and paying monthly bills by check and snail mail. It'* a sad inconvenience but recent events show us nothing is safe, and this hacking is only going to accelerate and eventually become severely malicious like no one could imagine.

speaking as someone who both reverse engineers and writes PCM code, it'* entirely possible that Onstar can do everything a Tech2 can do to a local vehicle(engage/disenage/modify pretty much anything PCM controlled, not to mention the various other modules in car).

it'* actually not even difficult assuming GM allows for ANY kind of software updating to the onstar stuff. just modify the program to allow for "fun, new capabilities", flash it to the module'* PROM and boom, you now have the potential to screw with whatever you want wirelessly on the vehicle you've been dealing with.

the only real trick to all of this is breaking whatever encryption GM uses for communicating between the vehicle and onstar itself, then you could potentially cause all of this on any onstar equipped vehicle....

this is why i do not have a bank account but a firproof safe with 1/4 inch steel welded around it and sunk into the floor..i KNOW my money is safe.Sue i have to give someone cash to use their credit card to buy stuff online but i know where my money is going and that only I can control it