Hacked vehicle prompts Fiat Chrysler onboard update

22 Jul 2015 | Author: | No comments yet »

Hackers claim ‘frightening’ security flaw allows attackers to disable the brakes in ‘any vulnerable car’.

SECURITY RESEARCHERS HAVE SHOWN that it is possible to get a Chrysler Jeep to alter direction using just the internet and the vehicle’s in-car entertainment system.St Louis, Missouri – experts issued a warning to half a million car owners on Tuesday night after hackers were able to take remote control of a vehicle from around 15km away. The same thing could be achieved by placing any animal larger than a pigeon inside a moving car, but Chrysler has wisely released a patch for the problem and offered to install it for free.

Over the past two years, two well-respected security researchers, Charlie Miller and Chris Valasek, have been hacking away at various cars, trying to find a way to control them remotely. The two hackers, security experts sitting on a sofa with a laptop and mobile phone, cut the engine and applied the brakes – sending the Jeep, being driven by a journalist, into a spin. In a controlled test, they turned on the Jeep Cherokee’s radio and activated other inessential features before rewriting code embedded in the entertainment system hardware to issue commands through the internal network to steering, brakes and the engine. Alarmingly the hackers didn’t have to make any physical alterations to the car, and they warned “hundreds of thousands of vehicles could be vulnerable”. They claim that more than 470 000 cars made by the Jeep’s manufacturer Fiat Chrysler – including many in the UK – could be at risk of a similar attack.

Parent company Fiat Chrysler Autos has gone official with the information on its website, informing drivers that security and confidence are key elements of the company’s proposition, and that it will provide an update to patch the fault. “The security and confidence of our customers is important. Valasek and Miller have told Chrysler about the hack, and although a software patch has been developed to fix the problem, drivers will have to install the update manually. “Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” it said in a statement. In 2013, they described how could control a Ford and a Toyota by plugging into a diagnostic port that could control the vehicle’s steering and speed. Greenberg wrote: “The most disturbing manoeuvre came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the two-ton SUV slid uncontrollably into a ditch.” The hack was possible because of Uconnect, the internet-connected computer feature that has been installed in Fiat Chrysler cars since 2013. An academic team had previously said it hacked a moving vehicle from afar but did not say how or name the manufacturer, putting less pressure on the industry.

National Highway Traffic Safety Administration chief Mark Rosekind on Tuesday said his agency is increasingly concerned about the security of vehicle control systems. “We know these systems will become targets of bad actors,” he told a conference on autonomous and connected vehicle technology in Ypsilanti, Mich. These incidents have raised the specter of remote-controlled car accidents, in which anarchist hackers or computer-savvy assassins could still be at home in their pajamas while wreaking havoc. Their research is likely to be one of the first discoveries in a new chapter of vulnerabilities and attacks directed at the so-called Internet of Things, the billions of products, machinery and infrastructure expected to come online in the next five years. If consumers don’t believe that connected vehicle systems are safe and secure, he said, “they will not engage it.” Members of the US Congress have also expressed concern, and on Tuesday senators Ed Markey and Richard Blumenthal, both Democrats, introduced a bill that would direct the NHTSA to develop standards for isolating critical software and detect hacking as it occurs. Miller and Valasek said they had been working with Fiat Chrysler since October, giving the company enough time to construct a patch to disable a feature that the men suspected had been turned on by accident.

Last year, the researchers bought a Jeep that came with a car stereo head unit, which offers a radio display, traffic and navigation system, and in this case, connected to the Internet through a hardware chip that provides a wireless and a cellular network connection. They plan to release a paper at the Def Con security conference next month that includes code for remote access, which will no longer work on cars that have been updated. Verified email addresses: All users on Independent Media news sites are now required to have a verified email address before being allowed to comment on articles. But the researchers said hackers would need to know the Internet Protocol address of a car in order to attack it specifically, and that address changes every time the car starts. They said that manufacturers, who are racing to add new Internet-connected features, should work much harder on creating safe capability for automatic over-the-air software updates, segregation of onboard entertainment and engineering networks, and intrusion-detection software for stopping improper commands.

In 2011, researchers at the University of Washington and the University of California at San Diego proved they could remotely disable a car’s locks and brakes. Tadajewski said Fiat Chrysler routinely monitors and tests its systems to identify and eliminate security vulnerabilities and had an embedded system quality engineering team dedicated to developing and implementing cybersecurity standards for all its vehicles, including its onboard and remote services.

There are many other ways that a car can be compromised by hackers. “I don’t think there are qualitative differences in security between vehicles today,” UCSD computer science professor Stefan Savage told Wired. “The Europeans are a little bit ahead. But broadly writ, this is something everyone’s still getting their hands around.” In February, hackers demonstrated to NBC 4 in New York how they could override a car’s system using a tiny Wi-Fi dongle plugged underneath its steering wheel.

Imagine laying back in your fully automated car on your way to work when someone at a Starbucks miles away takes control and sends your robotic car swerving into oncoming traffic. A computer security advocacy group called I Am The Cavalry warns that the threat goes far beyond cars to include common Wi-Fi connected medical devices like IV pumps or implantable pacemakers, electronic home security systems, and — on a grander scale — public infrastructure like railways, airplanes and power plants. “When you get up in the morning and get in your car to go to work, by the time you’ve gotten to work and sat down at your desk, you’ve literally interacted with probably several hundred of those controllers from when you turn on the tap to brush your teeth, to when you turn on the power to when you turn on your car engine,” Tom Parker, a professional hacker hired to help companies find their systems’ flaws, told NBC 4.

Here you can write a commentary on the recording "Hacked vehicle prompts Fiat Chrysler onboard update".

* Required fields
Our partners
Follow us
Contact us
Our contacts


ICQ: 423360519

About this site