Pittsburgh-area man helped hack Jeep for ‘Wired’ article

23 Jul 2015

Can automakers build hacker-proof cars? (+video).

The fix is a response to a recent article in Wired magazine about two well-known hackers, Charlie Miller and Chris Valasek, who remotely took control of a Jeep Cherokee through its UConnect entertainment system. As the number of connected devices explodes — from roughly 2 billion in 2010 to an estimated 25 billion by 2020 — security researchers have repeatedly shown that most online devices can be hacked. The security industry has been warning car manufacturers about the growing dangers of adding customer convenience technology without a strong focus on security. Their previous “proof of concept” hacks in 2013 required physical access to the vehicle, which caused the auto industry to shrug off the threat as not likely to happen. This was swiftly followed by his music system springing into noisy life and his windscreen wipers suddenly whipping back and forth at their fastest speed.

Greenberg described how hackers working from laptop computers at home tinkered with the Cherokee’s steering and brakes as well as the radio, windshield wipers and more. It’s just a question of when the right hacking skills end up in the hands of people with the sufficient motives. “If you’ve learned anything from the Internet, it’s clearly going to happen,” said Kathleen Fisher, a Tufts University computer-science professor and security researcher.

Then came the worst bit by far – without him doing a thing, the Jeep’s engine died, leaving the car crawling along at a snail’s pace on a busy freeway. Fiat Chrysler released free software updates for computerized UConnect systems in Chrysler, Dodge, Jeep and Ram models made in 2013 and 2014, and some versions of the 2015 Chrysler 200. The inherent insecurity of the Internet — an ungoverned global network running on technology created several decades ago — makes it difficult to add effective safety measures now. Valasek had successfully hacked cars from the backseat with their laptops plugged into the diagnostic port, but their new achievement highlights the unique vulnerability of Internet-connected cars. A Wired article published this week, “Hackers Remotely Kill a Jeep on the Highway — With Me in It,” showed how vulnerable cars equipped with the Uconnect technology are to being hacked remotely.

Greenberg, with his permission, by two “white hat” hackers – computer security specialists who break into protected systems and networks to test and assess their security. But once it was running, he found the vehicle’s Internet address and, while sitting in his office and typing on a MacBook Pro, hacked in through the dashboard information and entertainment system.

He had agreed to be hacked by two of his tech buddies who, though miles away, had taken control of his vehicle’s on-board computer in order to highlight the security vulnerabilities of modern cars that are hooked up to the internet. They also found readily accessible Internet links to thousands of Jeeps, Dodges and Chryslers that feature a proprietary wireless entertainment and navigation system called Uconnect. Unsurprisingly, Fiat Chrysler, this particular vehicle’s manufacturer, has now issued a “patch” that befuddled car owners must download or beg their local dealer to do for them. Greenberg’s Jeep using software that allowed them to send commands through the vehicle’s entertainment system to its dashboard functions, steering, brakes and transmission – using a laptop located 10 miles away.

Valasek also noted last year that Tesla sends its software updates wirelessly, meaning drivers do not need to bring their cars in to have it done on site. In this battle, defensive forces have one clear strength: Connected devices run many types of software, meaning that an attack on one may not work on others. The problem, CNN Money reported, is that all of the computers in a vehicle are connected, meaning a breach into one part of the car gives easy access to others – a problem that vehicle-to-vehicle communication systems and self-driving cars could exacerbate.

Edward Markey of Massachusetts and Richard Blumenthal of Connecticut introduced legislation tasking the National Highway Safety Administration and Federal Trade Commission with developing standards that prevent hacking of vehicle control systems. The company urged owners of the affected cars to update their software via http://www.driveuconnect.com/software-update/. “They haven’t been able to package it yet so that it’s easily exploitable,” said John Ellis, a former global technologist for Ford. “You can do it on a one-car basis. Dealerships can install the new software, or customers can download it onto a memory stick and insert it into their vehicles. “Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” it said. Personally, I think it’s too easy when something like this happens to moan and mourn the days when you, and you alone, had control of your car, or who saw your saucy honeymoon snaps.

It also offered reassurances to drivers. “The company monitors and tests the information systems of all of its products to identify and eliminate vulnerabilities in the ordinary course of business.” “They really just patched one vulnerability. It’s extremely important that everyone at risk protect their vehicles immediately because the researchers plan to unveil some of the technical details of how they did it at the upcoming Black Hat hacker conference in Las Vegas that begins Aug. 1. If a hacker-proof car was designed today, it couldn’t reach dealerships until 2018, experts say, and it would remain hacker-proof only for as long as its automaker kept providing regular updates for the underlying software. Their reason for sharing their research is for peer review and more importantly, to make sure that the entire automotive industry takes them seriously this time.

Markey surveyed 16 car companies in February about how they handle digital security, and found that adequate security was the exception, not the rule. These vehicles can talk to the outside world through remote key systems, satellite radios, telematic control units, Bluetooth connections, dashboard Internet links and even wireless tire-pressure monitors. These experts have compiled a 94-page report showing many other vehicles that are at risk, with the most hackable being the 2014 Jeep Cherokee, 2015 Cadillac Escalade and 2014 Infiniti Q50.

They also said that the least hackable cars were the 2014 Dodge Viper, 2014 Audi A8 and the 2014 Honda Accord, so the issue is not specific to any one car manufacturer. We need clear rules of the road that protect cars from hackers and American families from data trackers.” Valasek and Miller’s attack on the Jeep Cherokee echoes a 2011 study by the University of Washington’s Yoshi Kohno and UC San Diego’s Stefan Savage, in which they completed a wireless, remote takeover of a car, becoming the first to do so. Automation, to varying degrees, has offered salvation to billions – from those of us profoundly grateful for the domestic dishwasher all the way through to the patients of doctors performing “telesurgery” – remotely operating on patients miles away. Researchers who have hacked their way into computers that control dashboard displays, lighting systems or air bags have found their way to ones running transmission systems, engine cylinders and steering controls.

Nearly all of these systems speak a common digital language, a computer protocol created in the 1980s when only motorists and their mechanics had access to critical vehicle controls. For instance, while I love how Google continues to push the boundaries with driverless cars and its forays into artificial intelligence, I don’t much like it when it randomly collects people’s information without their prior consent. It’s abysmal,” said researcher Peiter Zatko, a former hacker who once directed cybersecurity research for the Pentagon’s Defense Advanced Research Projects Agency.

Nor do I feel assured about putting my family photos into Apple’s iCloud soon after intimate images of Hollywood A-listers have been hacked (and no, before you ask, they aren’t those kind of snaps) – even though I’m an iPhone and Mac fan. A jealous hacker could use a vehicle’s navigation system to track his spouse’s movements while remotely activating the built-in microphone to secretly record conversations that happen in the car. Edward Markey, D-Mass., who filed a bill this week seeking federal cybersecurity standards for cars. “We’ve moved from an era of combustion engines to computerized engines, but we haven’t put into place the proper protections against hackers and data trackers.” The Alliance of Automobile Manufacturers, a Washington-based group representing 12 major carmakers, said in a statement that the group created an Information Sharing and Analysis Center this month to study cybersecurity issues and share information about threats. “No one has even mentioned it,” said Lee Chapman, president of the Dallas-Fort Worth Metropolitan New Car Dealers Association. “I assume at some point it could become an issue because there are some people out there with an evil streak.” “The ones who will have to rectify this — if problems do crop up — are the manufacturers,” Chapman said. “They will have to devise the solutions.” They will hack our cars, our emails and in years to come, no doubt, our thermostats, fridges, pacemakers, even airliners – anything and everything that will be connected to the so-called “internet of things”.

The industry was ailing in the aftermath of the recession, and the executives expressed interest in federal research that might help improve their line of vehicles with new technology. When NBC’s Today show ran startling footage in 2013 showing the hackers overriding the driver’s control — yanking the steering wheel to one side, disabling the brakes and shutting off the engine — the car companies issued pointed statements noting that Miller and Valasek were sitting in the vehicles, not controlling them remotely through the Internet. Automakers don’t build cars so much as assemble them from parts sourced from other companies, whose priorities don’t necessarily include addressing threats that might manifest themselves long after a vehicle is sold. “Am I scared of this near future?
