Skip to main content

OnStar hacking issue resolved, General Motors says

About two weeks ago, a hacker exposed a vulnerability in General Motors’ OnStar telematics system that could allow ne’er-do-wells to remotely seize control of vehicles. GM has been implementing a fix to the problem, is now certain it is under control.

“We’re confident the issue is closed,” Terry Inch, GM’s OnStar chief, said in an interview with WardsAuto at a recent OnStar press event. GM began deploying its software fix almost immediately after the issue became public, and now believes the vulnerability has been completely eradicated.

Recommended Videos

Uncovered by researcher Sammy Kamkar, the vulnerability allowed hackers to break into a car’s onboard systems using the OnStar RemoteLink smartphone app. Chamber used a device positioned on the victim car to harvest credentials, and then use those credentials to mimic the app.

Since the app allows drivers to do things like remotely lock and unlock doors, or start the engine, those powers would be conferred to the hacker. GM has since added a patch that allows the OnStar system to check for fake access certificates, something it wasn’t programmed to do before.

“We feel the vulnerability is taken care of by downloading the new RemoteLink app,” GM’s Inch said. However, he cautioned that future hacking episodes are still possible, saying that “we can’t say something like this will never happen again.”

Inch said GM is always looking into ways to improve the system, including working with universities and government agencies to identify additional possible weak points, and to pre-empt any future hacker attacks.

The OnStar hack came hot on the heels of a vulnerability in Chrysler’s Connect infotainment system that allowed researchers Charlie Miller and Chris Valasek to remotely take control of a Jeep Cherokee. Fiat Chrysler Automobiles is recalling 1.4 million vehicles to implement a software fix.

Perhaps the most tech-heavy car on the market, the Tesla Model S, also became a victim recently. At the recent DefCon convention in Las Vegas, hackers Kevin Mahaffey and Marc Rogers claimed they were able to break into a Model S and control certain functions, including remotely shutting the car down.

As cars become increasingly connected and computerized, it seems the same vulnerabilities that plague smaller-scale electronic devices are creeping into dashboards. Consumers may soon have to decide if connectivity is worth the price of safety.

Stephen Edelstein
Stephen is a freelance automotive journalist covering all things cars. He likes anything with four wheels, from classic cars…
Waymo recalled 1,200 robotaxis following collisions with road barriers
Waymo Jaguar I-Pace

Waymo’s autonomous-car technology has made great advances over the years to the point where it’s now allowed to offer paid robotaxi rides in select locations in the U.S.

But the development of the technology is ongoing, and the robotaxi rides continue to gather valuable data for Waymo engineers to pore over as they further refine the driverless system to make it as reliable and efficient as possible. Which is why glitches will sometimes occur.

Read more
Apple CarPlay Ultra looks stunning in Aston Martin supercar debut
Apple CarPlay Ultra

Apple CarPlay Ultra is the next generation of the Cupertino, California-based firm's smartphone projection system for your car, and it's available in new vehicles in the US and Canada.

When we say "new cars", your options are very much limited to one brand... Aston Martin. So you'll need deep pockets if you want to experience CarPlay Ultra for yourself.

Read more
Archer’s flying taxis head to LA for the 2028 Olympics
archer air taxi la28 inglewood aerial a final

Remember the buzz about flying taxis zipping through Paris for the 2024 Olympics? That sci-fi fantasy never got off the ground —Germany’s Volocopter dream was denied certification, leaving fans staring at the same old ground traffic. But now, the skies are opening again for a second shot at glory—this time over Los Angeles.
Archer Aviation, the California-based electric vertical takeoff and landing (eVTOL) company, has been named the exclusive air taxi provider for the 2028 Los Angeles Olympic and Paralympic Games.
Archer’s Midnight aircraft, a piloted electric air taxi designed to carry four passengers, will be whisking around VIPs, fans, and stakeholders between venues and key locations like LAX, Hollywood, Santa Monica, and even Orange County. Think 10-20 minute flights that skip the infamous LA gridlock and land you right where the action is—on the roof, basically.
“We want to transform the way people get around Los Angeles and leave a legacy that shapes the future of transportation in America. There’s no better time to do that than during the LA28 Games,” said Adam Goldstein, CEO and founder of Archer Aviation.
And Midnight isn’t just a pretty rotor. It’s a whisper-quiet, emission-light aircraft with 12 rotors and a redundant, airline-level safety design.
What’s more, Archer and LA28 are working together to electrify vertiport hubs around the city—think futuristic sky stations—to serve not only Games-time needs but also to plant seeds for a post-Olympic air mobility network.
The air mobility market has been fast developing over the past few years, featuring the likes of Hyundai partnership with China’s XPeng HT Aero and Toyota's backing of Joby Aviation, a U.S. venture. Joby bought Uber Elevate in 2020, hoping to someday pair its air taxis with Uber’s ride-hailing app.
Archer, for its part, has been busy building a strategic partnership with United Airlines, which has already placed orders for the aircraft and is helping with logistics to integrate air taxis into airport-to-downtown travel. More than a demo for the cameras, the LA28 partnership will showcase urban air travel for real-world daily use, starting with one of the most high-profile events on Earth.
After raising false hopes in Paris, the air taxi dream is aiming for liftoff in LA—and this time, it might just stick the landing.

Read more