Hackers Remotely Kill a Jeep on the Highway — With Me in It
GREENBERG A., Hackers Remotely Kill a Jeep on the Highway — With Me in It, wired.com, 21.07.2015
Topics: Security, Operational Security
Miller and Valasek have developed a hacking technique "that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country".
"All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element [...] Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country. [...] From that entry point, Miller and Valasek’s attack pivots to an adjacent chip in the car’s head unit—the hardware for its entertainment system—silently rewriting the chip’s firmware to plant their code. That rewritten firmware is capable of sending commands through the car’s internal computer network [...] to its physical components like the engine and wheels".
"Miller and Valasek have been sharing their research with Chrysler for nearly nine months, enabling the company to quietly release a patch [...]. “FCA is committed to providing customers with the latest software updates to secure vehicles against any potential vulnerability.” Unfortunately, Chrysler’s patch must be manually implemented via a USB stick or by a dealership mechanic. (Download the update here.) That means many—if not most—of the vulnerable Jeeps will likely stay vulnerable". Here, we see the benefits of automatic and remote updates for customers.