GM working to close OnStar security hole dug up by DARPA

General Motors is developing a fix for its OnStar telematics system after researchers found a way to hack into one of its cars and take over several functions, including the brakes.

In a segment covering cybersecurity on Sunday night’s "60 Minutes," a team led by Dan Kaufman, software innovation chief at the Defense Advanced Research Projects Agency, or DARPA, demonstrated how it was able to wirelessly hack into the computer systems of a Chevrolet Impala during a controlled situation and remotely control several operations.

Although the intentionally disguised vehicle was described by "60 Minutes" correspondent Lesley Stahl as a “regular new car,” it was actually a 2009 Impala running an older version of the OnStar software, according to GM spokeswoman Deana Alicia. The automaker isn’t sure, however, if the software was modified by DARPA in any way.

It’s also not clear if DARPA hacked the vehicle over a public cellular network, or through other means, but it was apparently able to install malicious code via the OnStar connection that gave researchers control over many of the car’s functions, according to the "60 Minutes" report. DARPA has not yet responded to a request from Fox News for more details on the exact method used to access the car.

General Motors had been working with the agency on the five-year project that led to the hack, and GM spokeswoman Renee Rashid-Merem says that, along with academic research in the field, it has helped the automaker to “better understand how hackers may look at vehicles and how to improve hardware and software designs for current and future vehicles.”

The "60 Minutes" piece aired ahead of the Monday release of a report on automotive cybersecurity conducted at the behest of Sen. Ed Markey, D-Mass., which concluded that automakers have failed to adequately protect their vehicles' systems from potential hackers, calling the security measures currently in place “inconsistent and haphazard across all automobile manufacturers.”

Last week, BMW revealed that it had fixed a flaw in its ConnectedDrive telematics system that was discovered by a German automobile club and could allow someone using a fake cellular tower to connect to an individual car and open its windows or unlock its doors. More than 2.2 million cars were susceptible to such a breach.

Rashid-Merem says a solution to the OnStar vulnerability uncovered by DARPA has been found, but could not confirm if an update to the software has been implemented. However, she says that more recent versions of the system are not at risk from the same type of attack, and the company is unaware of any successful intrusions of its vehicles outside of a research environment.

Gary Gastelu is Automotive Editor.