Hackers Hijack a Moving Jeep Cherokee

23 Jul 2015 | Author: | No comments yet »

Fiat Chrysler Offers Patch After Hackers Commandeer Jeep.

Fiat Chrysler Automobiles NV is offering a software patch to close a loophole that let two hackers take control of a moving Jeep sport utility vehicle in an incident spotlighting the vulnerability of connected autos.Two men used a laptop and a mobile phone to seize control of the vehicle as it drove at 70mph along the motorway – and turned off its engine, slammed on the brakes and ramped its wind-screen wipers to maximum speed.A pair of expert hackers have demonstrated it’s now possible to remotely tap into a car’s computer systems and disable functions like its steering, braking and transmission, as long as they have the vehicle’s IP address.

Our main character is driving 70 miles per hour down a highway in a Jeep Cherokee when suddenly the brakes stop working, the A/C system starts blasting cold air on high, the windshield wipers go haywire, the accelerator is rendered unusable and the radio switches to a Kanye West song. Cyber-security experts Charlie Miller and Chris Valasek showed Wired writer Andy Greenberg firsthand how it was possible for them to hack into the Jeep Cherokee he was driving and control everything from climate controls and stereo volume to brake pressure and transmission operation. “All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone,” wrote Greenberg. “Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat-Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element […] also lets anyone who knows the car’s IP address gain access from anywhere in the country.” Miller and Valasek were able to use the Uconnect as a point of entry to the vehicle’s head unit, which controls the entertainment system, and plant their own code in it.

As autos become rolling smartphones, loaded with streaming music and apps, they open themselves to the viral and criminal threats that target PCs and credit card databases. The programmers who took over the Jeep listed vulnerabilities last year in 19 other models. “This is a very big wake-up call for the industry that shows they have a weakness,” said Egil Juliussen, director of research for consultant IHS’s automotive technology group. “They are worried about it and thinking about what they need to do. This recent demonstration served to prove these sorts of attacks can now be launched wirelessly; the Jeep’s only defence would have been the relative anonymity of its IP address. But it will be awhile before cars are safe from a hacking attack.” On the same day as the Jeep hack article, Senators Edward Markey, a Massachusetts Democrat, and Richard Blumenthal, a Connecticut Democrat, introduced legislation to direct the National Highway Traffic Safety Administration and the Federal Trade Commission to establish rules that would secure cars against hackers and protect consumer privacy. “Drivers shouldn’t have to choose between being connected and being protected,” Markey said in a statement. “We need clear rules of the road that protect cars from hackers and American families from data trackers.” The bill would create a rating system to tell consumers how secure their vehicles are beyond any minimum federal requirements. In his article for Wired, Greenberg writes that after the accelerator stopped working on a steep hill with no shoulder, cars began to pile up behind him, honking their horns and then passing him.

Markey released a report last year on gaps in car security systems, concluding that only two of 16 auto companies had the ability to detect and respond to a hacking attack. Chrysler has issued a patch to deal with the security breach – but it must be implemented via a USB stick or by a dealership mechanic, meaning many vehicles are unlikely to remain vulnerable. The two shared the results of their vehicle security research with Fiat Chrysler Automobile (FCA) nine months ago, and the automaker in turn, released a patch on July 16 available for download via USB from most Chrysler dealers, to fix the flaws in their cars’ code. Owners can download the fix to a thumb drive from a Fiat Chrysler website and install it in 30 minutes to 45 minutes or have the update done at a dealership, the company said. They’re trying to make clear the message that a greater emphasis on vehicle security is needed in today’s connected cars, and are hoping to reach both automakers and consumers. “If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers,” Miller told Wired. “This might be the kind of software bug most likely to kill someone.”

By 2022, 82.5 million autos worldwide will be connected to the Internet, more than three times the 26.5 million connected cars this year, according to IHS.

Here you can write a commentary on the recording "Hackers Hijack a Moving Jeep Cherokee".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site