Credit: Wired
__________
Update — Fiat Chrysler recalls 1.4 million cars after Jeep hack
Affected vehicles
2013-2015 MY Dodge Viper specialty vehicles
2013-2015 Ram 1500, 2500 & 3500 pickups
2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
2014-2015 Jeep Grand Cherokee & Cherokee SUVs
2014-2015 Dodge Durango SUVs
2015 MY Chrysler 200, Chrysler 300 & Dodge Charger sedans
2015 Dodge Challenger sports coupes
http://www.bbc.com/news/technology-33650491
http://www.wired.com/2015/07/jeep-hack-chrysler-recalls-1-4m-vehicles-bug-fix/?mbid=nl_72415
__________
We’ve been here before: developer in too much of a hurry to add features, ignores security, leaves system open to hacking.
Difference this time:
● developers (car manufacturers) have the previous sorry examples, which should have served as a warning
● human lives are directly on the line
Good news:
● demonstrated in a limited range of vehicles
● other manufacturers remain an unknown quantity
● manufacturers have been informed
● legislation is in train, in USA, to force manufacturers to tighten up security in Web-enabled vehicles
● hackers do not plan to release enough of their exploit to allow others to duplicate it without months of research
Bad news:
● other manufacturers remain an unknown quantity
● for the purposes of demonstration, hackers cause a vehicle to suffer a sudden, dangerous, loss of power on the highway1,2 — this in, apparently, relatively responsible hands of people expecting to be scrutinised in various forums
● what will others do with it?
http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/?mbid=nl_72115
___________________
1 "Death prompts VW owners to speak out", http://www.drive.com.au/motor-news/death-prompts-vw-owners-to-speak-out-20130530-2nexi
2 “Faults that trashed a reputation”, http://www.drive.com.au/it-pro/faults-that-trashed-a-reputation-20130607-2nvlc / driving 70 mph downtown St. Louis exploit I hadn’t touched the dashboard vents Jeep Cherokee started blasting cold air maximum setting in-seat climate control system radio switched local hip hop station full volume spun the control knob left hit the power button to no avail windshield wipers turned on wiper fluid blurred sprayed glass two hackers performing stunts car’s digital display Charlie Miller Chris Valasek Jeep’s strange behavior St. Louis Miller and Valasek’s digital crash-test dummy test car-hacking research result of their work hacking technique security industry zero-day exploit target Jeep Cherokees attacker wireless control via the Internet thousands of vehicles code automaker’s nightmare software hackers send commands Jeep’s entertainment system dashboard functions steering brakes transmission laptop across the country simulate experience driving a vehicle while it’s being hijacked invisible virtual force Miller Valasek attacks planned launch Miller’s laptop life-threatening drive the Jeep onto the highway iPhone’s speaker Interstate 64 on-ramp don’t panic hacking into Jeep Cherokee SUV highway ten miles away two hackers remotely air-conditioning radio windshield cut the transmission accelerator stopped working Jeep lost half its speed slowed to a crawl long overpass no shoulder escape experiment interstate slope upward barely crept forward cars lined up behind passing me honking 18-wheeler semi trailer approaching rearview mirror driver saw me paralyzed on the highway semi loomed in the mirror immobilized Jeep beg the hackers to make it stop wireless carjackers behind the wheel of a compromised car summer 2013 Ford Escape Toyota Prius South Bend Indiana, parking lot backseat laptops disabled my brakes honked the horn jerked the seat belt commandeered the steering wheel limitation wired into vehicles’ onboard diagnostic port repair technicians access to information car’s electronically controlled systems carjacking has gone wireless Miller Valasek publish exploit Internet talk they’re giving Black Hat security conference in Las Vegas next month series revelations two hackers spooked automotive industry helped inspire legislation WIRED learned senators Ed Markey Richard Blumenthal introduce automotive security bill set new digital security standards for cars trucks auto-hacking antidote bill timely attack tools developed remotely trigger dashboard transmission tricks used on the highway demonstrated traumatic experience on I-64 narrowly averting death by semi-trailer lame Jeep down an exit ramp re-engaged transmission turning ignition off and on arsenal functions lower speeds kill the engine engage the brakes disable cut the Jeep’s brakes 2-ton SUV slid uncontrollably into a ditch researchers perfecting steering control hijack the wheel Jeep is in reverse hack enables surveillance track a targeted Jeep’s GPS coordinates measure its speed drop pins on a map to trace its route Chrysler almost all carmakers turn the modern automobile into a smartphone Uconnect Internet-connected computer feature hundreds of thousands of Fiat Chrysler cars SUVs trucks controls vehicle’s entertainment navigation enables phone calls Wi-Fi hot spot one vulnerable element won’t identify Black Hat talk Uconnect’s cellular connection also car’s IP address gain access super nice vulnerability entry point attack adjacent chip in car’s head unit hardware entertainment system rewriting chip’s firmware plant their code rewritten firmware capable of sending commands car’s internal computer network CAN bus physical components engine wheels attack on entertainment system work any Chrysler vehicle Uconnect tested full set of physical hacks targeting transmission braking systems Jeep Cherokee attacks tweaked work any Chrysler vehicle vulnerable Uconnect head unit remotely hacking into other makes models cars researchers details of their work Las Vegas tool enabling wave of attacks Jeeps around the world part of the attack rewrites chip’s firmware hackers reverse-engineer took months code publish enable dashboard hijinks demonstrated GPS tracking sharing research Chrysler release patch Black Hat conference owners vehicles Uconnect feature notified patch post on Chrysler’s website acknowledge Miller and Valasek’s research Interstate 40 Route 40 Interstate 64 /
