The Web-Connected Car Is Cool, Until Hackers Cut Your Brakes

24 Jul 2015 | Author: | No comments yet »

Chrysler issues software patch after moving Jeep Cherokee hacked.

That is because a pair of technology researchers said that they had wirelessly hacked a Jeep Cherokee through its Internet-connected system, allowing them to take control of critical components like the engine, brakes and even steering under certain conditions. Cybersecurity experts Chris Valasek and Charlie Miller have publicly exposed a serious vulnerability that would allow hackers to take remote control of Fiat Chrysler Automobile (FCA) cars that run its Uconnect internet-accessing software for connected car features.As major automakers continue to roll out cars with Wi-Fi features connecting the vehicles with smartphones and other devices, their innovations are likely to catch the eye of hackers as well as tech-hungry customers, opening up a new asphalt playing field in the arena of cybersecurity. “My concern is where we are heading in the future.

Fiat Chrysler is offering a software patch for some of its internet-connected vehicles after a report showing hackers seizing control of a moving 2014 Jeep Cherokee.PITTSBURGH (AP) – Chris Valasek celebrated his new-found fame as part of a two-man team that successfully hacked into a high-end Jeep Cherokee by downing a Primanti’s sandwich and a 22-ounce Iron City Light. Uconnect allows owners of cars such as the Jeep Cherokee to remotely start and stop the engine and flash the lights (to find the car on a parking lot) and lock and unlock doors via a smartkey or smartphone.

As we head toward more automated drive systems, then the possibilities for hacking open up even more,” says Akshay Anand, an analyst with automotive research company Kelley Blue Book. Fiat Chrysler claimed no first-hand knowledge of any of its vehicles being hacked and released a statement yesterday saying that software updates were sometimes required “for improved security protection to reduce the potential risk of unauthorised and unlawful access to vehicle systems”. But the breach showed just how vulnerable the new breeds of web-connected vehicles can be, and the challenges that manufacturers face in defending against the types of attacks common in other technology fields. “Customers are demanding new capabilities and more technology, so the risk is only going to increase for vehicles,” said Jon Allen, a web security expert at Booz Allen Hamilton.

However, as the researchers demonstrated to Wired’s Andy Greenberg, the system also allows those in the know to remotely hijack the signal and run the car off the road even when someone else is meant to be at the wheel. The Jeep incident was the latest warning to the auto industry, which is rapidly adding Internet-connected features like WiFi and navigation that are convenient for drivers but make the car more vulnerable to outside attacks. Auto manufacturers, he said, “know they need to get ahead of this from a security perspective.” Such a web-enabled threat is relatively new for the industry: Complex computer software has been used for years to power cars’ performance, but those computerized brains were always walled off inside the cars themselves; they were not connected to the wider world. Such an act might be deemed irresponsible but the researchers, who uncover theses flaws for a living, first notified FCA about the problem nine months ago and until now have remained silent about the discovery. Through a flaw they discovered, Miller and Valasek gained access to the vehicle’s computer network through the wireless Uconnect system, which let them control the steering, brakes and transmission of the Jeep while the reporter was driving.

However, the wording of the update: “Today, [the cybersecurity program] at FCA released a Technical Service Bulletin (TSB) for a software update that offers customers improved vehicle electronic security and communications system enhancements,” plus the fact that the update needs to be downloaded onto a USB key and physically installed by the owner, fails to highlight the potential seriousness of the problem. The security gap was a vulnerability in vehicles featuring Uconnect, including models built from 2013-2014 by Chrysler, Dodge, Jeep and Ram, along with the 2015 Chrysler 200. Vehicle recalls have been receiving a lot of media attention in recent months, yet according to Autotrader data, only 56% of drivers can be counted upon to take their vehicle in for servicing or correction every time.

He worked at a job in Atlanta for a few years before his employer allowed him to start working from home. “They said I could move anywhere in the world, and I came back here,” Valasek, 33, told the Tribune-Review Wednesday. “I love it. Automakers are testing driverless car features as the next stage of innovation for their industry, and Anand says such technology could help hackers remotely steal a car. I travel the world for my job, and I’m always glad to come home.” Valasek said the hack could affect as many as 420,000 Chrysler vehicles that feature the proprietary wireless entertainment and navigation system that connects to the Internet, called Uconnect. Markey, together with Senator Richard Blumenthal, Democrat of Connecticut, has also drafted legislation to establish federal web security standards for automobiles. In it, they concluded at the time that hacking a car would be too time consuming, expensive and complicated to be worth the reward, except in very specific situations.

The danger to consumers stems in large part from the rapid increase of companies, including automakers, who are making connected devices without putting the same effort into cybersecurity protections for those devices. Louis highway at 70 miles an hour, the driver, who participated in the experiment, was rendered helpless to control the air-conditioning fan, radio, windshield wipers and the car’s digital display. All of which is what makes the Uconnect exploit so serious and is why Miller has taken to Twitter to urge the public to download the software update. – AFP Relaxnews Companies put in requirements to make sure that if you are a firm that wants its device to be interoperable with a software ecosystem like a smartphone network, they will have to assure they have security safeguards.” In response to such concerns, Federal Trade Commission Chairwoman Edith Ramirez has been pushing for more privacy and cybersecurity standards in the growing Internet of Things ecosystem – a sector of devices connected to wireless signals that includes not only cars but blenders, watches, thermostats and refrigerators.

The two hackers, sitting with a laptop in a basement 10 miles away, took control of them all, even cutting the engine at one point and bringing the Jeep to a stop as traffic whizzed by. That ecosystem is growing, as an estimated 4.9 billion connected things will be used in 2015, up 30 percent from 2014, according to market research firm Gartner.

For the Wired article, Valasek and Miller took the journalist through a bit of a freak-out moment by first controlling the radio, wipers and washer fluid on the Cherokee as he was driving on a St. According to research published by Markey’s office earlier this year, only two or three of 16 studied car companies appeared to be able to detect or respond to a hack, and customers often don’t know information from their car is being collected and sent to third parties. “Federal law must provide minimum standards and safeguards that keep hackers out of drivers’ private data lanes,” Blumenthal wrote in a press statement. “Security and safety need not be sacrificed for the convenience and promise of wireless progress.” Republicans like Sen. Valasek wore a Pitt T-shirt.) By merely typing the right series of computer commands, the researchers said they could hack into these vehicles, almost anywhere they might be driving.

Valasek said, referring to Chrysler’s engineers. “But people like us think differently, and we thought how it could work until we found the way.” The pair’s hacking technique is not applicable only to Jeeps, Mr. General Motors said in a statement that “our customers’ safety and security is paramount, and we are taking a multifaceted approach to secure in-vehicle and connected-vehicle systems.” The company said it was “designing vehicle systems that can be updated with enhanced security as these potential threats arise.” Volvo said its cars were “designed with several layers of protection in hardware and software” and “enhanced with encryption and security protocols that are unique to each individual car. Government and industry officials are racing to add protections before techniques demonstrated by Miller, Valasek and other researchers join the standard tool kits of cybercriminals. This process serves to prevent the remote access and disablement of critical systems.” An Audi spokesman described security as a high priority and said the company intended to “constantly protect our cars and customers against vulnerability risks.” Mr.

In this battle, defensive forces have one clear strength: Connected devices run many types of software, meaning that an attack on one may not work on others. Even cars from a single manufacturer can vary dramatically from one model year to the next, hindering hackers. “They haven’t been able to weaponize it. That could mean something akin to running antivirus software on computers — where intrusion threats are being monitored in real time, both by consumers themselves and by automakers. “Automakers will need to be watching this around the clock to spot threats right away,” he said. “And we could see warnings for drivers as well, when suspected intrusions are detected.” Mr. You can’t yet do it on a 100,000-car basis.” Valasek acknowledged that it has taken years of research for him and Miller to reach this point, and executing the hack still requires detailed knowledge of not only computers, but also how the vehicle software works. “If you’re concerned about someone assassinating you, then, yes, you should be concerned,” Valasek said. “Otherwise, it’s not to the point where it’s opportunistic.”

Here you can write a commentary on the recording "The Web-Connected Car Is Cool, Until Hackers Cut Your Brakes".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site