I don't think the hack involves the cellular data connection, and it would be a very different hack if it did.
To clarify, the OnStar system in your vehicle talks to a data center at GM or wherever. When you use the app, it talks to that data center, and if you have an authenticated, actived session, the data center intermediates commands from the app to the vehicle.
This looks and smells like an entirely standard MITM type attack. He runs a rogue WAP, or listens in on low encryption APs, and when someone uses the app it exploits some weakness in the SSL/TLS process of the app (maybe DNS poisoning coupled with an app that doesn't demand a root signed cert from the peer). That can be fixed immediately and really is remarkably limited in utility and threat.
To clarify, the OnStar system in your vehicle talks to a data center at GM or wherever. When you use the app, it talks to that data center, and if you have an authenticated, actived session, the data center intermediates commands from the app to the vehicle.
This looks and smells like an entirely standard MITM type attack. He runs a rogue WAP, or listens in on low encryption APs, and when someone uses the app it exploits some weakness in the SSL/TLS process of the app (maybe DNS poisoning coupled with an app that doesn't demand a root signed cert from the peer). That can be fixed immediately and really is remarkably limited in utility and threat.