Disabiling OnStar

Chevy Bolt EV Forum

Help Support Chevy Bolt EV Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.

berkeleybolt

New member
Joined
Feb 13, 2017
Messages
3
Bolt Owners,

I see no point--even disadvantages--to "OnStar."

  • It tracks you all the time
  • Law enforcement agencies can order OnStar to turn on the microphone in the car and remotely wiretap you at any time
  • The other day it started talking to me about something--sounded like a marketing call.
  • The OnStar connection probably makes your car more vulnerable to hacking too.

So I want to disable, unplug, or otherwise find a way to turn it off. The purported advantages of accident detection, etc., aren't of value to me--I live in a city and do not drive much. My car is also unlikely to be stolen because of garages at home and work.

I unplugged the fuse -- F31 is for OnStar. This seemed to work but then I realized that pulling the fuse also kills power to the in-car microphone, so bluetooth/carplay calling doesn't work anymore.

Any other suggested approaches? Anyone know where the OnStar appliance is located within the car?

View attachment Screen Shot 2017-03-15 at 10.00.32 AM.png
 
While OnStar has its benefits, I agree with you about the fact that you can always be tracked. Unfortunately, it's not only OnStar, lots of advanced cars share this issue.
 
I want to do a physical intervention, not a call to GM, because of things like this: https://arstechnica.com/security/2015/07/ownstar-researcher-hijacks-remote-access-to-onstar/:

Samy Kamkar, a Los Angeles-based security researcher and hardware hacker, has created a device called OwnStar that can find, unlock, and remote start General Motors cars equipped with OnStar.

Does anyone know where the Onstar module is in the Bolt? Apparently unplugging the antenna, as show here, is effective: https://www.youtube.com/watch?v=KAbTy_jFcbc
 
FWIW, I have no intention of paying for OnStar after the 3 months is up and will be happy to learn disconnect the antenna per the video.

Would rather just disconnect and remove the OnStar box from the car but I gather from the video that you need to keep it installed in order for the radio, phone bluetooth and other functions of the car to operate properly. If that's not the case, I'd rather just remove it.

Staying posted to hear from people more knowledgeable and experienced in this area.
 
It is good to be concerned about the hackability of GM's OnStar system, as well as comparable systems from other manufacturers. The white hat hacking community has been pretty good at identifying security flaws in connected cars. They've identified security issues, notified the affected automobile manufacturer, and only revealed the vulnerabilities after a fix has been identified.

It's easy to get the OnStar marketing voice to appear by accident. I pressed the OnStar app on the Infotainment system in my quest to find the phone number associated with the car and got a spiel detailing all the things that it can do and it then asked me what I wanted.

In order for Law Enforcement to get OnStar to turn on the microphone in the car and start recording you, or your passengers, it requires this thing called a court order from a judge to do so. TV seems to paint this process as an overly simple thing to do where judges just grant them on the flimsiest of excuses. It's not nearly as easy as that.

If you don't want to be tracked by OnStar, you probably should ditch your cell-phone as well, since even non-smart phones have the ability to be tracked because of the enhanced-911 requirement.
 
devbolt said:
If you don't want to be tracked by OnStar, you probably should ditch your cell-phone as well, since even non-smart phones have the ability to be tracked because of the enhanced-911 requirement.

It is a lot faster and easier to turn off your cell phone (or remove the battery and SIM card) than it is to physically disable OnStar. Or at least it is on MY cell phone.
 
SparkE said:
devbolt said:
If you don't want to be tracked by OnStar, you probably should ditch your cell-phone as well, since even non-smart phones have the ability to be tracked because of the enhanced-911 requirement.

It is a lot faster and easier to turn off your cell phone (or remove the battery and SIM card) than it is to physically disable OnStar. Or at least it is on MY cell phone.
I've got an iPhone 6S. It's pretty much a tossup over whether the iPhone or OnStar is more difficult to disable... I haven't had a removable battery since my Palm Treo 650 some 8 or so years ago.
 
First, make your last OnStar call to disable the service.

Then pull off the interior fuse cover (first layer of plastic under the headlight knob) and remove the F31 fuse.

That's it! It is easily reversible by putting the fuse back in, in case you want to enable it again.


Bluetooth phone and audio still works; and Wi-Fi can still be enabled (obviously disable it if you're worried about being hacked or tracked).

Compass, automatic time synchronization, and location-based charging do not work with F31 removed. Haven't found anything else different...

GPS is a passive signal, so in theory a finer-grained method could be found to keep location-based charging working while preventing active cell or Wi-Fi signals from reporting the location.

And obviously compasses have been around for centuries before cell networks; so maybe a finer-grained method could be found to keep that working, too. (Or get an old school one)


Anyways, I always put phones into Airplane Mode when driving. It is to avoid interference for music playback and any other electronics; and I don't believe in driving while distracted by calls, not even with "hands-free" systems. Half my cell phone conversations are "Huh? What? Can you hear me now?", so I definitely refuse to be distracted by that when driving.

If you're even more paranoid, put the phone into a conductive all metal box wired to a ground on the steel frame. Still put it into airplane mode or turn it off in that case, otherwise the phone battery will drain fast as it boosts antenna power to find a signal in a Faraday cage.
 
Yes, I can also be tracked through my phone. But privacy is not binary. If I kill the Onstar connection, I also kill all of Onstar's secondary uses of my information. Disclosure: I am a lawyer. One can drive a truck through this list of 17 uses of onstar data. Basically, any use of the information is allowed under the formulation of Onstar's privacy policy https://www.onstar.com/us/en/footer-links/privacy-policy.html?g=1.

We may use your information in order to:
provide our products and services
improve the quality, safety, and security of our products and services
develop new products and services, including autonomous vehicle and car-sharing products and services
maintain customer relationships and communicate with you
administer your account(s) and process your payments for products and services
operate our websites and applications, including online registration processes
provide customer and vehicle support and service (for example, recall information, servicing and maintenance or warranty service)
provide product and service updates
evaluate the quality, safety, and security of our products and services
collect outstanding debts
for research, evaluation of use, and troubleshooting purposes
protect the safety of you or others
verify eligibility for vehicle purchase or incentive programs
perform marketing, including interest based marketing and advertising (with necessary consents)
administer your participation in contests, quizzes, surveys, promotions and offers
customize and improve communication content and your experience with GM and
comply with legal, regulatory or contractual requirements

And then check out the "sharing" (i.e. selling)

How We May Share YOUR INFORMATION


We may share your information as follows for the uses described below (and where required we will obtain additional consent or anonymize the information):



GM Family of Companies: Within the GM family of companies (for example, OnStar, Maven) for the above uses.



Emergency Service Providers: With emergency service providers, such as law enforcement, roadside assistance providers, and ambulance providers, in order to deliver related services (for example, Stolen Vehicle Assistance Services).



Business Partners and Independent Third Parties: With business partners, such as SiriusXM in connection with the satellite radio hardware installed on your vehicle and the associated products and services provided by SiriusXM, research institutes, for research and development purposes (for example, improving highway safety), dealers, fleet or rental companies, for service maintenance of your vehicle, and marketing activities. We may also share data with third parties where you have elected to receive a service from them and authorized them to request data from GM (for example, financial organizations who offer financing for the purchase or lease of GM vehicles or usage based insurance providers) or for promoting joint marketing programs.



Service Providers: With our product and service providers who work on our behalf in connection with the above uses, such as wireless service providers (e.g. AT&T), companies that administer our contests and promotions, host and/or operate our website, send communications, perform data analytics, credit card processors, or system providers necessary to process, store, or manage credit card information (we will not otherwise share your credit card information).



Where Required or Permitted by Law: As required or permitted by law, such as in conjunction with a subpoena, government inquiry, litigation, dispute resolution, or similar legal process, when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, to detect, investigate and prevent fraud, or to conduct screening to ensure you are not on any government list of restricted parties.



Business Transfers: With a prospective or completed sale, transfer, or financing of a part of a GM business or its assets.
 
berkeleybolt said:
I want to do a physical intervention, not a call to GM, because of things like this: https://arstechnica.com/security/2015/07/ownstar-researcher-hijacks-remote-access-to-onstar/:

Samy Kamkar, a Los Angeles-based security researcher and hardware hacker, has created a device called OwnStar that can find, unlock, and remote start General Motors cars equipped with OnStar.
To be fair, that was a problem with the phone app, not with the car's OnStar equipment. You could eliminate those kinds of vulnerabilities by simply not installing the OnStar app on your phone.

But I certainly do get where you're coming from.
 
I agree with everybody that OnStar is a poor value (money spent for the benefits you get) and I also agree that it's a major privacy concern.

On the tiny other hand, after 3 months, the OnStar app still works, so you can remote start your car, check it's range and charge status, etc over the cell network. Maybe this is a minor benefit to some, I wouldn't call it major benefit by any means, but I like it when I'm out of keyfob range and I want to cool the car off before I put kids inside - movie theater, restaurant, etc, or I'm just too damn confused and I can't remember if I locket the car. The other thing is OTA updates. The head unit, at least, can supposedly get OTA software updates. And if the gripes on the other threads are any indication, the head unit is going to need LOTS of love, as it's a crashy piece of garbage, and good luck getting it updated at the dealership if they're expecting it to be updated OTA.

BUT - Is it worth getting put on a no-fly list for making critical remarks about the government while in the supposed privacy of your own car? Who could really say.

Bottom line is this - If the remote start feature gave out after my trial period, I'd be yanking the antenna immediately.
 
I would say being able to remotely start the climate control is a MAJOR advantage. There are few things more miserable than getting in your car on a blazingly hot day, when the car is in direct sunlight. Much better if the car is pre-cooled.
 
Call me paranoid but, if I can remotely start my car's climate control or ignition, so can someone else and I don't want anyone else to have that level of control over my car. Granted, it is highly unlikely that MY car will ever be targeted for such attention but the mere possibility is off putting to me.

You can also call me old fashioned but I'm happy to just open and start the car the way it's always been done in modern times -- get in, turn on the "key" and start the engine.

I have no need for the remote start function and, if I want to warm up or cool off my car before I take off, I can just get in the car start it up and turn on the heater or AC as need be a few mins before I take off. No problem doing that for me.

On the other hand, the ability to locate and disable the car could be advantageous if it is stolen but, if I have to give up the ability to also remotely start the car, I'd give up that functionality also simply because I do not want to forfeit control of the car to anyone w/the capability to hack it.
 
Pigwich said:
BUT - Is it worth getting put on a no-fly list for making critical remarks about the government while in the supposed privacy of your own car? Who could really say.
The first amendment gives you the right to make critical remarks of the government in public as well as the privacy of your vehicle. If you get put on a no-fly list, it's not because you merely made remarks in your car and the government managed to record them. There's something much larger going on and is way worse than just griping on your part.
 
sgt1372 said:
Call me paranoid but, if I can remotely start my car's climate control or ignition, so can someone else and I don't want anyone else to have that level of control over my car. Granted, it is highly unlikely that MY car will ever be targeted for such attention but the mere possibility is off putting to me.

You can also call me old fashioned but I'm happy to just open and start the car the way it's always been done in modern times -- get in, turn on the "key" and start the engine.

I have no need for the remote start function and, if I want to warm up or cool off my car before I take off, I can just get in the car start it up and turn on the heater or AC as need be a few mins before I take off. No problem doing that for me.

On the other hand, the ability to locate and disable the car could be advantageous if it is stolen but, if I have to give up the ability to also remotely start the car, I'd give up that functionality also simply because I do not want to forfeit control of the car to anyone w/the capability to hack it.

To be clear "remote start" doesn't start the Bolt so it's ready to drive. Rather, it starts the climate control system. Whether by using the remote or the app, it will turn on the brake lights and run the heater/AC for 20 minutes. You turn it off by letting it expire, with the remote/app, or entering the vehicle and starting the car as normal.

Note - the "precondition" button on the app requires a secondary input of a four digit passcode, making it much hard to hack.
 
To revive an old thread - did anyone figure out how to unplug the antenna for the OnStar module? Pretty sure this is it behind the glove box. the bracket seems to be welded in though, and I can't get to the back where I think the cables are attached.
 

Attachments

  • htLk7Qr.jpg
    htLk7Qr.jpg
    211.5 KB · Views: 9,222
Warning. Luddite alert. I even carry a paper map most places I go.
that said:
To revive an old thread again. For those who may still be looking into disabling all or some of Onstar.
I believe the image in the previous post is the radio, not the OnStar.
I think the OnStar is behind the infotainment screen. This is based
on images I found on the free part of the online service manual at repairprocedures dot com.
(use the 2017 not the 2018 manual as the 2018 does not seem to be searchable)
see attached image if it doesn't get scrubbed. if it does
search for "Communication Interface Module Bracket Replacement" in repairprocedures

The Onstar on the Bolt will be pretty hard to get out. But you can reach the back of it "easily" by removing the glove box.
(see replacing filter, in the user manual). Stick your head in there and look to the left, you will see the plugs.
(or stick your phone in and take a picture)
I do not yet know which one is which.
this old video has some info, and in the comments below it.
youtube dot com/watch?v=KAbTy_jFcbc

Still not clear to me all that Onstar is doing for or against me.
Clearly they are selling the data , many articles about that,
Apparently they can call without permission, probably listen in (tape over the microphone will fix that)
But ... I wouldn't mind being rescued out in the woods beyond my cell phone range.
So I want a solution where I can hook it up again easily. Maybe the Onstar fuse is best
for me. I don't care about voice commands, bluetooth , or any of the rest of it.
 
Would disabling the OnStar affect the warranty in any way? If GM loses contact with the vehicle how do they respond or do they care?
 
Back
Top