Net of Insecurity

22 Jul 2015 | Author: | No comments yet »

Fiat Chrysler Offers Software Patch After Hackers Control Jeep.

Fiat Chrysler Automobiles NV is offering a software patch to close a loophole that let two hackers take control of a moving Jeep sport utility vehicle in an incident spotlighting the vulnerability of connected autos.

Fiat Chrysler has released a software update for thousands of its vehicles after two professional hackers took command of a 2014 Jeep Cherokee while it was driving.SECURITY RESEARCHERS HAVE SHOWN that it is possible to get a Chrysler Jeep to alter direction using just the internet and the vehicle’s in-car entertainment system. The invasion was reported in Wired magazine on Monday and included video evidence of hackers Charlie Miller and Chris Valasek compromising the functions of a Cherokee driven by Wired journalist Andy Greenberg. The same thing could be achieved by placing any animal larger than a pigeon inside a moving car, but Chrysler has wisely released a patch for the problem and offered to install it for free. But it will be awhile before cars are safe from a hacking attack.” By 2022, 82.5 million autos worldwide will be connected to the Internet, more than three times the 26.5 million connected cars this year, according to IHS.

Parent company Fiat Chrysler Autos has gone official with the information on its website, informing drivers that security and confidence are key elements of the company’s proposition, and that it will provide an update to patch the fault. “The security and confidence of our customers is important. Fiat Chrysler said that “after becoming aware of the vulnerabilities in some 2013 and 2014 vehicles equipped with the 8.4-inch touchscreen systems, FCA and several supplies worked to fix the vulnerabilities in model year 2015 vehicles.” The software update patches the hole in the vehicles’ entertainment system. Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorised and unlawful access to vehicle systems,” the company said. “Today’s software security update, provided at no cost to customers, also includes Uconnect improvements introduced in the 2015 model year designed to enhance customer convenience and enjoyment of their vehicle,” the firm explained. µ

The automaker plans to contact customers who may be affected and has distributed the update to dealers. “Four or five years ago, there was nothing” protecting cars from hackers, he said. “Today, the automakers are starting to put things in place, but there’s still a long way to go.” Cars are not as rich a target as banks and retailers, which have credit card information and Social Security data hackers can use to make money. Because the vehicles lack such personal data, the auto industry probably won’t face a concerted threat yet from hackers, Juliussen said. “There aren’t many ways to earn money from hacking a car,” he said. “You could wreak havoc with traffic flow or cyber warfare, but that’s not the sort of thing an average hacker would do.”

A nice touch, I thought.” Greenberg survived to tell his tale, of course, but the ordeal is just the latest in a series of incidents highlighting the startling security vulnerabilities of hundreds of thousands of American automobiles. These incidents have raised the specter of remote-controlled car accidents, in which anarchist hackers or computer-savvy assassins could still be at home in their pajamas while wreaking havoc. Miller and Valasek exploited a weak spot in Uconnect, an Internet-connected feature on as many as 471,000 Fiat Chrysler late-model automobiles, most of them in the United States.

In 2011, researchers at the University of Washington and the University of California at San Diego proved they could remotely disable a car’s locks and brakes. There are many other ways that a car can be compromised by hackers. “I don’t think there are qualitative differences in security between vehicles today,” UCSD computer science professor Stefan Savage told Wired. “The Europeans are a little bit ahead. But broadly writ, this is something everyone’s still getting their hands around.” In February, hackers demonstrated to NBC 4 in New York how they could override a car’s system using a tiny Wi-Fi dongle plugged underneath its steering wheel. Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technologies that cannot be used for this purpose at all. Imagine laying back in your fully automated car on your way to work when someone at a Starbucks miles away takes control and sends your robotic car swerving into oncoming traffic.

A computer security advocacy group called I Am The Cavalry warns that the threat goes far beyond cars to include common Wi-Fi connected medical devices like IV pumps or implantable pacemakers, electronic home security systems, and — on a grander scale — public infrastructure like railways, airplanes and power plants. “When you get up in the morning and get in your car to go to work, by the time you’ve gotten to work and sat down at your desk, you’ve literally interacted with probably several hundred of those controllers from when you turn on the tap to brush your teeth, to when you turn on the power to when you turn on your car engine,” Tom Parker, a professional hacker hired to help companies find their systems’ flaws, told NBC 4.

Here you can write a commentary on the recording "Net of Insecurity".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site