Firewalls can’t protect today’s connected cars

24 Jul 2015

Chrysler issues patch to keep car hackers at bay.

Fiat Chrysler is offering a software patch for some of its internet-connected vehicles after a report showing hackers seizing control of a moving 2014 Jeep Cherokee. That is because a pair of technology researchers said that they had wirelessly hacked a Jeep Cherokee through its Internet-connected system, allowing them to take control of critical components like the engine, brakes and even steering under certain conditions.

Cybersecurity experts Chris Valasek and Charlie Miller have publicly exposed a serious vulnerability that would allow hackers to take remote control of Fiat Chrysler Automobile (FCA) cars that run its Uconnect internet-accessing software for connected car features. As major automakers continue to roll out cars with Wi-Fi features connecting the vehicles with smartphones and other devices, their innovations are likely to catch the eye of hackers as well as tech-hungry customers, opening up a new asphalt playing field in the arena of cybersecurity. “My concern is where we are heading in the future.

Fiat Chrysler claimed no first-hand knowledge of any of its vehicles being hacked and released a statement yesterday saying that software updates were sometimes required “for improved security protection to reduce the potential risk of unauthorised and unlawful access to vehicle systems”. Uconnect allows owners of cars such as the Jeep Cherokee to remotely start and stop the engine and flash the lights (to find the car on a parking lot) and lock and unlock doors via a smartkey or smartphone. As we head toward more automated drive systems, then the possibilities for hacking open up even more,” says Akshay Anand, an analyst with automotive research company Kelley Blue Book.

A Wired story by Andy Greenberg this week told of hackers Charlie Miller and Chris Valasek remotely commandeering a Cherokee as part of an arranged demonstration of a vulnerability. But the breach showed just how vulnerable the new breeds of web-connected vehicles can be, and the challenges that manufacturers face in defending against the types of attacks common in other technology fields. “Customers are demanding new capabilities and more technology, so the risk is only going to increase for vehicles,” said Jon Allen, a web security expert at Booz Allen Hamilton.

The Jeep incident was the latest warning to the auto industry, which is rapidly adding Internet-connected features like WiFi and navigation that are convenient for drivers but make the car more vulnerable to outside attacks. However, as the researchers demonstrated to Wired’s Andy Greenberg, the system also allows those in the know to remotely hijack the signal and run the car off the road even when someone else is meant to be at the wheel.

Auto manufacturers, he said, “know they need to get ahead of this from a security perspective.” Such a web-enabled threat is relatively new for the industry: Complex computer software has been used for years to power cars’ performance, but those computerized brains were always walled off inside the cars themselves; they were not connected to the wider world. Such an act might be deemed irresponsible but the researchers, who uncover these flaws for a living, first notified FCA about the problem nine months ago and until now have remained silent about the discovery.

Through a flaw they discovered, Miller and Valasek gained access to the vehicle’s computer network through the wireless Uconnect system, which let them control the steering, brakes and transmission of the Jeep while the reporter was driving. Fiat Chrysler released free software updates for computerised UConnect systems in Chrysler, Dodge, Jeep and Ram models made in 2013 and last year, and some versions of the 2015 Chrysler 200. However, the wording of the update: “Today, [the cybersecurity program] at FCA released a Technical Service Bulletin (TSB) for a software update that offers customers improved vehicle electronic security and communications system enhancements,” plus the fact that the update needs to be downloaded onto a USB key and physically installed by the owner, fails to highlight the potential seriousness of the problem.

Vehicle recalls have been receiving a lot of media attention in recent months, yet according to Autotrader data, only 56% of drivers can be counted upon to take their vehicle in for servicing or correction every time. Automakers are testing driverless car features as the next stage of innovation for their industry, and Anand says such technology could help hackers remotely steal a car. Markey, together with Senator Richard Blumenthal, Democrat of Connecticut, has also drafted legislation to establish federal web security standards for automobiles. In it, they concluded at the time that hacking a car would be too time consuming, expensive and complicated to be worth the reward, except in very specific situations. The danger to consumers stems in large part from the rapid increase of companies, including automakers, who are making connected devices without putting the same effort into cybersecurity protections for those devices.

Louis highway at 70 miles an hour, the driver, who participated in the experiment, was rendered helpless to control the air-conditioning fan, radio, windshield wipers and the car’s digital display. All of which is what makes the Uconnect exploit so serious and is why Miller has taken to Twitter to urge the public to download the software update. – AFP Relaxnews

Companies put in requirements to make sure that if you are a firm that wants its device to be interoperable with a software ecosystem like a smartphone network, they will have to assure they have security safeguards.” In response to such concerns, Federal Trade Commission Chairwoman Edith Ramirez has been pushing for more privacy and cybersecurity standards in the growing Internet of Things ecosystem – a sector of devices connected to wireless signals that includes not only cars but blenders, watches, thermostats and refrigerators. The two hackers, sitting with a laptop in a basement 10 miles away, took control of them all, even cutting the engine at one point and bringing the Jeep to a stop as traffic whizzed by. That ecosystem is growing, as an estimated 4.9 billion connected things will be used in 2015, up 30 percent from 2014, according to market research firm Gartner. According to research published by Markey’s office earlier this year, only two or three of 16 studied car companies appeared to be able to detect or respond to a hack, and customers often don’t know information from their car is being collected and sent to third parties. “Federal law must provide minimum standards and safeguards that keep hackers out of drivers’ private data lanes,” Blumenthal wrote in a press statement. “Security and safety need not be sacrificed for the convenience and promise of wireless progress.” Republicans like Sen. Valasek said, referring to Chrysler’s engineers. “But people like us think differently, and we thought how it could work until we found the way.” The pair’s hacking technique is not applicable only to Jeeps, Mr.

General Motors said in a statement that “our customers’ safety and security is paramount, and we are taking a multifaceted approach to secure in-vehicle and connected-vehicle systems.” The company said it was “designing vehicle systems that can be updated with enhanced security as these potential threats arise.” Volvo said its cars were “designed with several layers of protection in hardware and software” and “enhanced with encryption and security protocols that are unique to each individual car. This process serves to prevent the remote access and disablement of critical systems.” An Audi spokesman described security as a high priority and said the company intended to “constantly protect our cars and customers against vulnerability risks.” Mr. That could mean something akin to running antivirus software on computers — where intrusion threats are being monitored in real time, both by consumers themselves and by automakers. “Automakers will need to be watching this around the clock to spot threats right away,” he said. “And we could see warnings for drivers as well, when suspected intrusions are detected.” Mr.
