Pages

July 22, 2015

Car Jacking Or Car Hacking?

The more I read about new cars, the more I want wheels that were manufactured pre-1973; full bore Luddite, EMP resistant, hack-proof, analog vehicles.


Like everyone else, Chrysler uses software in its on-board entertainment package. But this one can be accessed over the internet. Two hackers put it to the test...
[...]The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.
The hackers were only ten miles away when they took control of the vehicle, but distance is not a factor.

Chrysler's UConnect system uses Sprint's cellular network for connectivity, so researchers were able to remotely locate cars by scanning for devices using that particular spectrum band. Chrysler has been including UConnect in cars since late 2013, and any cars that use the system are likely to be vulnerable to the attack. There's no apparent firewall, so once attackers have located the device's IP, they can deploy previously developed exploits to rewrite Uconnect's firmware and control the car as if they had physical access.


Story here and here.

4 comments:

Woodsterman (Odie) said...

My wife's new Jeep has UConnect. We don't use it.

sig94 said...

Odie - can you disable it?

Doom said...

I sure thought about going to an older truck. But, man, if you don't have skills, tools, strength, and other resources, it'll cost you every day of your life. When a machine gets that old... Now, if you take it in, have it stripped and rebuilt (cost you, a lot), that will cut on daily daily costs. You will pay more to get it in condition to run (and hopefully your carb doesn't flake out on you), than you will a brand new vehicle. Oh, and gas. Yes, it eats gas. A '72 Ford 4x4, 8 cylinder. Began eating every allowance and credit card, so I, finally, had to let her go. I suppose you could go with something else. Oh, but, a lot of them took leaded, too. Gotta really check a lot of things before you buy. And make sure it will pass any local or state emission tests and safety checks.

I think baby got about 8(?) miles to the gallon, and about the same with oil. :p

Kid said...

The car companies are focused 100% on user experience and 0 % on security. It's going to take a healthy lawsuit(s) to get them to change.
You can guess what happens in the meantime.