‘Car hacking’ just got real: In experiment, hackers disable SUV on busy highway

22 Jul 2015 | Author: | No comments yet »

Connected cars conundrum: Security experts hack into moving car and seize control.

American computer programmers staged a “frightening” demonstration of the vulnerability by remotely sabotaging a Chrysler Jeep Cherokee from miles away.St Louis, Missouri – experts issued a warning to half a million car owners on Tuesday night after hackers were able to take remote control of a vehicle from around 15km away.

Cybersecurity researchers have shown they can use the Internet to turn off a car’s engine as it drives, sharply escalating the stakes in the debate about the safety of increasingly connected cars and trucks.In an article posted on Wired.com Tuesday, security experts Charlie Miller and Chris Valasek, accessed a Jeep’s computer while a third man was driving down a St. The two hackers, security experts sitting on a sofa with a laptop and mobile phone, cut the engine and applied the brakes – sending the Jeep, being driven by a journalist, into a spin. Former National Security Agency hacker Charlie Miller, now at Twitter, and IOActive researcher Chris Valasek used a feature in the Fiat Chrysler telematics system Uconnect to break into a car being driven on the highway by a reporter for technology news site Wired.com. At the annual Black Hat and Def Con hacking conferences in Las Vegas in August, Miller and Valasek plan to demonstrate how, after two years of research, they have discovered a way to control hundreds of thousands of vehicles remotely.

In a controlled test, they turned on the Jeep Cherokee’s radio and activated other inessential features before rewriting code embedded in the entertainment system hardware to issue commands through the internal network to steering, brakes and the engine. They claim that more than 470 000 cars made by the Jeep’s manufacturer Fiat Chrysler – including many in the UK – could be at risk of a similar attack. Valasek and Miller have told Chrysler about the hack, and although a software patch has been developed to fix the problem, drivers will have to install the update manually. “Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” it said in a statement. The demonstration was posted the same day of the Senate Commerce Committee hearing on the Internet of Things, senators Richard Blumenthal (D-Conn.) and Edward J.

In 2013, they described how could control a Ford and a Toyota by plugging into a diagnostic port that could control the vehicle’s steering and speed. Markey (D-Mass.), as they announced legislation that would direct the National Highway Traffic Safety Administration and the Federal Trade Commission to establish federal standards to secure our cars and protect drivers’ privacy.

Greenberg wrote: “The most disturbing manoeuvre came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the two-ton SUV slid uncontrollably into a ditch.” The hack was possible because of Uconnect, the internet-connected computer feature that has been installed in Fiat Chrysler cars since 2013. An academic team had previously said it hacked a moving vehicle from afar but did not say how or name the manufacturer, putting less pressure on the industry. Last year, the researchers bought a Jeep that came with a car stereo head unit, which offers a radio display, traffic and navigation system, and in this case, connected to the Internet through a hardware chip that provides a wireless and a cellular network connection. They plan to release a paper at the Def Con security conference next month that includes code for remote access, which will no longer work on cars that have been updated.

Verified email addresses: All users on Independent Media news sites are now required to have a verified email address before being allowed to comment on articles. But the researchers said hackers would need to know the Internet Protocol address of a car in order to attack it specifically, and that address changes every time the car starts. They said that manufacturers, who are racing to add new Internet-connected features, should work much harder on creating safe capability for automatic over-the-air software updates, segregation of onboard entertainment and engineering networks, and intrusion-detection software for stopping improper commands. Tadajewski said Fiat Chrysler routinely monitors and tests its systems to identify and eliminate security vulnerabilities and had an embedded system quality engineering team dedicated to developing and implementing cybersecurity standards for all its vehicles, including its onboard and remote services.

She said the company released a free software patch for the vulnerability. “Customers can either download and install this particular update themselves or, if preferred, their dealer can complete this one-time update at no cost to customers.” The end goal, Miller said, was to hack something tangible that most people could understand. “I’ve been in security for more than 10 years, and I’ve worked on computers and phones.

Here you can write a commentary on the recording "‘Car hacking’ just got real: In experiment, hackers disable SUV on busy highway".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site