Fiat Chrysler Recalls 1.4 Million Vehicles Amid Hacking Concerns

24 Jul 2015

Chrysler Recalls 1.4 Million Cars Because Hackers Can Hijack Them.

If you own a newer Jeep Grand Cherokee or Dodge Durango, you will want to check this out: Fiat Chrysler Automobiles is recalling 1.4 million cars due to a security flaw that leaves the vehicles vulnerable to complete takeovers from hackers. St Louis, Missouri – The triumphant shout of “You’re doomed!” came in an iPhone call from the hacker who had remotely hijacked a Jeep Cherokee on a motorway, cutting the transmission and leaving its driver powerless. The recall is a response to a Wired investigation that demonstrated how hackers can exploit a security hole in the UConnect software installed in many of the company’s popular new models. Chrysler said there is no defect, called the move “a voluntary safety recall” and said no customers had reported injuries, complaints, warranty claims or accidents.

There was just one documented real-world case of remote car hacking in 2010, but that was an inside job by a disgruntled car dealer employee, who bricked over 100 vehicles by taking advantage of technology designed to allow remote repossession. The accelerator stopped working and the Jeep slowed to a crawl on a flyover where there was no hard shoulder to pull over and the traffic was moving at a steady 115km/h. The software has a flaw that can be used to take control of the vehicles, cutting transmission and endangering/scaring the bejeezus out of the people in the car.

In a statement, Chrysler said that customers will receive a USB device that they may use to upgrade vehicle software or could visit a dedicated website to check if they are affected. But earlier this week, two security researchers who have made exposing connected car vulnerabilities somewhat of a crusade showed in dramatic and somewhat dangerous fashion how they were able to remotely disable critical systems of a 2014 Jeep Cherokee while the vehicle was on a St. The company was giving a nod to a report in Wired about an experiment by a writer who was in a Jeep as two famous hackers, Charlie Miller and Chris Valasek, took over the car through its UConnect digital system. “Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system.

Their follow-up, once again with writer Andy Greenberg at the wheel, was intended to scare car companies and car owners by proving that vehicles can be remotely hacked to cause havoc on the highway. The hackers could have killed the engine altogether, slammed on the brakes or, worse, disabled them – as they did later. “The most disturbing manoeuvre came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the two-ton vehicle slid uncontrollably into a ditch,” he says. Giving people a USB stick as protection against getting their cars zombified sounds like a wimpy response from FCA, but this doesn’t mean you need to panic. While sitting in Miller’s basement miles away, the pair used a security vulnerability in the vehicle’s Uconnect infotainment system to blast the AC, tune to a hip-hop radio station and crank the stereo system, turn on the windshield wiper and washer, and post a snarky picture on the in-dash display of themselves in matching track suits. It’s scary that cars with internet-connected software are now vulnerable to cyberattacks, but this exploit hasn’t been used “in the wild.” The researchers who found it were experts who had easy access to the car’s IP address.

Modern cars typically contain 50 low-powered computers – enabling services such as wifi, Bluetooth, satnav and even the information screen – which can offer tempting entry points to criminals. Their latest publicity stunt is a prelude to presenting their remote hacking research at the Black Hat security conference in Las Vegas next month, without revealing the details to malicious hackers. In Britain, tens of thousands of cars are stolen or broken into every year by thieves using electronic hacking equipment bought from websites based mainly in Bulgaria.

Instead of smashing windows or forcing door locks, the criminals arm themselves with equipment that can intercept signals from key fobs to get into cars or that plugs into onboard computers remotely. Miller and Valasek raised the stakes and went remote in their car-hacking work, which is funded by a Defense Advanced Research Projects Agency (DARPA) grant, because their demonstration two years ago “didn’t have the impact with the manufacturers that we wanted,” Miller told Wired. The duo proved this week that they can wirelessly carjack Jeep Cherokees via the internet, armed with just a basic mobile phone and a laptop loaded with their own software, from just about anywhere. This week, researchers in England found a way into a car’s electronics through the Digital Audio Broadcasting (DAB) radio feature commonly used in Europe and Asia that could allow a hacker to send malicious code to take over an infotainment system. Countermeasures such as OTA updates are becoming more common, as Tesla has shown, and automakers have been trying to stay ahead of the car-hacking threat by hiring dedicated security experts.

There’s also currently not much incentive for hackers to target cars, beyond pulling off malicious pranks. “Given the [monetary] motivation of most hackers, the chance of [car hacking] is very low,” observed Damon McCoy, an assistant professor of computer science at George Mason University and a car security researcher. According to Greenberg, the hackers are “perfecting their steering control – for now, they can only hijack the wheel when the Jeep is in reverse”. The threat of car hacking has been compared to the nascent Internet 20 years ago, when computers first started to become connected and the Black Hats started exposing and exploiting vulnerabilities. The first and easier method involves procuring a small box of electronic tricks the size of a credit card called a CANtact, which can be bought online from the US for just $60 (R755). Companies like Microsoft, in turn, were forced to go on the defensive and issue security patches and even reward nerds who uncovered a vulnerability with “bug bounties.” But it’s not 1995 and hackers are more plentiful and more sophisticated, and there could be more connected cars on the road now than there were connected computers two decades ago.

This device must be physically connected to a car, via one of the connection points on the vehicle’s Controller Area Network (CANbus): this is the maze of wires and computers that forms your car’s electronic brain and is normally accessed by a garage mechanic, who plugs in a laptop to diagnose any faults. Similarly, a would-be hacker must connect the CANtact and then attach it, either with a cable or wirelessly, to a computer, which is then used to control your vehicle. Last summer, a 14-year-old schoolboy stunned delegates at a conference of car engineers and computer security experts in the US when he controlled a car with his iPhone and a mere R200 worth of electronics similar to a CANtact.

They urged the makers to take notice of what they had done, pointing out that “drivers and passengers are strictly at the mercy of the code running in their automobiles and, unlike when their web browser crashes or is compromised, the threat to their physical well-being is real”. And while they have so far experimented only on Jeeps, they believe most of their attacks could be tweaked to work on any Chrysler vehicle equipped with Uconnect, an internet-connected computer feature found in more than 400 000 Fiat Chrysler cars, SUVs and trucks. FCA said that it was “committed to providing customers with the latest software updates to secure vehicles against any potential vulnerability” and lamented Miller and Valasek’s decision to go public with their findings.

The company said: “Under no circumstances does FCA condone or believe it appropriate to disclose ‘how-to’ information that would potentially encourage or help enable hackers to gain unauthorised and unlawful access to vehicle systems. “We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities. However, we caution advocates that in the pursuit of improved public safety they [do] not, in fact, compromise public safety.” Some progress is being made, with the House Committee on Energy and Commerce questioning all major car makers to see what they are doing to thwart hackers. In the UK, the issue was addressed in a speech last year by the Home Secretary Theresa May. “We can now work with industry to improve electronic resilience to include this kind of resilience in the vehicle’s overall security ratings and work out the extent to which the same threat applies to other physical assets such as building security systems,” she said. Many British car manufacturers, such as Ford, say they are taking the issue ‘very seriously’ and doing all they can to ensure that new cars are as hack-proof as possible.

In the future, it is likely that car makers will introduce vehicle-to-vehicle (V2V) communication, in which our cars would be able to talk to each other electronically, sending warnings of an accident or a build-up of traffic.
