More disturbing details about the Jeep hack

24 Jul 2015 | Author: | No comments yet »

A hacked Jeep should be a wake-up call to automakers.

SAN FRANCISCO • Fiat Chrysler said on Wednesday it is offering a software patch for some of its Web-connected vehicles after a report detailed how hackers seized control of a moving 2014 Jeep Cherokee. As major automakers continue to roll out cars with Wi-Fi features connecting the vehicles with smartphones and other devices, their innovations are likely to catch the eye of hackers as well as tech-hungry customers, opening up a new asphalt playing field in the arena of cybersecurity. “My concern is where we are heading in the future.PITTSBURGH (AP) – Chris Valasek celebrated his new-found fame as part of a two-man team that successfully hacked into a high-end Jeep Cherokee by downing a Primanti’s sandwich and a 22-ounce Iron City Light.

As we head toward more automated drive systems, then the possibilities for hacking open up even more,” says Akshay Anand, an analyst with automotive research company Kelley Blue Book. Fiat Chrysler claimed no first-hand knowledge of any of its vehicles being hacked and released a statement yesterday saying that software updates were sometimes required “for improved security protection to reduce the potential risk of unauthorised and unlawful access to vehicle systems”.

As writer Andy Greenberg sped down the highway in a Jeep Cherokee, the radio started blasting hip hop, the air conditioning unexpectedly turned on, the wipers activated — and then the SUV switched itself into neutral. The Jeep incident was the latest warning to the auto industry, which is rapidly adding Internet-connected features like WiFi and navigation that are convenient for drivers but make the car more vulnerable to outside attacks. In a story in Wired on Monday, journalist Andy Greenberg described how hackers Charlie Miller and Chris Valasek remotely commandeered the Jeep in an arranged demonstration of a vulnerability, taking over its steering and brakes. Through a flaw they discovered, Miller and Valasek gained access to the vehicle’s computer network through the wireless Uconnect system, which let them control the steering, brakes and transmission of the Jeep while the reporter was driving.

Fiat Chrysler released free software updates for computerised UConnect systems in Chrysler, Dodge, Jeep and Ram models made in 2013 and last year, and some versions of the 2015 Chrysler 200. He worked at a job in Atlanta for a few years before his employer allowed him to start working from home. “They said I could move anywhere in the world, and I came back here,” Valasek, 33, told the Tribune-Review Wednesday. “I love it. Automakers are testing driverless car features as the next stage of innovation for their industry, and Anand says such technology could help hackers remotely steal a car. I travel the world for my job, and I’m always glad to come home.” Valasek said the hack could affect as many as 420,000 Chrysler vehicles that feature the proprietary wireless entertainment and navigation system that connects to the Internet, called Uconnect.

The danger to consumers stems in large part from the rapid increase of companies, including automakers, who are making connected devices without putting the same effort into cybersecurity protections for those devices. And with a growing number of internal car functions being controlled by chips and software, the list of things that could conceivably be commandeered by hackers is steadily expanding. Some companies “are absolutely not doing it the right way,” says Jim Hunter, chief scientist at Greenwave Systems, which provides software for connected devices to companies like Verizon and IBM. “The challenge is that there are some young companies that don’t have that experience,” Hunter says. “Larger consumer electronics companies have experienced those scars of mistakes with consumers. Granted, it took Greenberg’s hackers — a pair of security researchers who warned him in advance about what they were doing — months to find a way to take over a Jeep through its entertainment system, and Chrysler has already issued a software update to plug that hole.

Companies put in requirements to make sure that if you are a firm that wants its device to be interoperable with a software ecosystem like a smartphone network, they will have to assure they have security safeguards.” In response to such concerns, Federal Trade Commission Chairwoman Edith Ramirez has been pushing for more privacy and cybersecurity standards in the growing Internet of Things ecosystem – a sector of devices connected to wireless signals that includes not only cars but blenders, watches, thermostats and refrigerators. Nevertheless, the incident should set off alarms throughout the industry, which still relies on protocols developed long before cars could connect electronically to other, potentially hostile devices.

That ecosystem is growing, as an estimated 4.9 billion connected things will be used in 2015, up 30 percent from 2014, according to market research firm Gartner. Security experts say there has been no concerted effort by automakers or parts suppliers to redesign internal communications channels to guard against attackers. For the Wired article, Valasek and Miller took the journalist through a bit of a freak-out moment by first controlling the radio, wipers and washer fluid on the Cherokee as he was driving on a St. According to research published by Markey’s office earlier this year, only two or three of 16 studied car companies appeared to be able to detect or respond to a hack, and customers often don’t know information from their car is being collected and sent to third parties. “Federal law must provide minimum standards and safeguards that keep hackers out of drivers’ private data lanes,” Blumenthal wrote in a press statement. “Security and safety need not be sacrificed for the convenience and promise of wireless progress.” Republicans like Sen.

Markey (D-Mass.) and Richard Blumenthal (D-Conn.) introduced a bill to require the National Highway Transportation Safety Administration to develop security and privacy standards for vehicle electronics and offer ratings on how well they guard against hackers. Valasek wore a Pitt T-shirt.) By merely typing the right series of computer commands, the researchers said they could hack into these vehicles, almost anywhere they might be driving. Although mandating a specific security approach would be a bad idea — lawmakers and regulators can’t keep pace with ever-changing technology — having the agency shepherd the industry’s efforts to identify and respond to vulnerabilities would be welcome. And putting a security grade next to the mileage estimate on a new car’s sticker would bring needed pressure on the industry to make vehicles more resistant to hackers before they hit the showroom floor. Government and industry officials are racing to add protections before techniques demonstrated by Miller, Valasek and other researchers join the standard tool kits of cybercriminals.

In this battle, defensive forces have one clear strength: Connected devices run many types of software, meaning that an attack on one may not work on others. Even cars from a single manufacturer can vary dramatically from one model year to the next, hindering hackers. “They haven’t been able to weaponize it. You can’t yet do it on a 100,000-car basis.” Valasek acknowledged that it has taken years of research for him and Miller to reach this point, and executing the hack still requires detailed knowledge of not only computers, but also how the vehicle software works. “If you’re concerned about someone assassinating you, then, yes, you should be concerned,” Valasek said. “Otherwise, it’s not to the point where it’s opportunistic.”

Here you can write a commentary on the recording "More disturbing details about the Jeep hack".

* Required fields
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site