If you have an affected car model, please patch your firmware!
The guys who figured out this hack started on all of this 3 years ago. First they took apart 2 different cars and reverse engineered the electronic communication system known as the CAN bus. They learned by trial and error what messages were produced when they hit the brakes, turned the steering wheel, unlocked the doors, etc. Then they connected their own device to replicate those messages on the CAN bus and whaddaya know? The car steered without the steering wheel, braked without the brake pedal.
Their research has evolved quite a bit since then. And thanks to car manufacturers including so much unsecured connectivity around mission-critical systems, it is now possible to wreak all of this havoc remotely.
Chrysler is taking the brunt of this bad publicity, but I guarantee that they are just the first. Kudos to them for doing the right thing and issuing a recall before anyone can be hurt by this problem.
I expect many more recalls, at least until the automotive industry starts paying attention to security. Which probably won’t be for a decade or more. Ultimately 2 completely separate communication systems need to be designed – 1 for mission-critical and 1 for GPS/entertainment/connectivity so that these types of attacks are rendered impossible. Let’s see how long it takes….
I recommend checking out the story at Wired that started this whole hullabaloo.
Chrysler is recalling 1.4 million vehicles that can be remotely hacked over the Internet.
A flaw in several Chrysler models lets hackers remotely control them, posing an unprecedented danger for American drivers. Hackers can cut the brakes, shut down the engine, drive it off the road, or make all the electronics go haywire.
After the vulnerability was uncovered on Tuesday, Chrysler offered a software upgrade that it recommended customers install “at their earliest convenience.”
Still under intense scrutiny, Chrysler opted to issue a formal recall on Friday to fix the vehicles themselves. Customers participating in the recall will receive a USB flash drive, which they can insert into their cars and upgrade their vehicles’ software.
The cars involved in the recall include the following vehicles equipped with 8.4-inch touchscreens:
- 2013-2015 MY Dodge Viper specialty vehicles
- 2013-2015 Ram 1500, 2500 and 3500 pickups
- 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
- 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
- 2014-2015 Dodge Durango SUVs
- 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
- 2015 Dodge Challenger sports coupes
Chrysler said it is unaware of any accidents, injuries, warranty claims or complaints related to the software bug, other than a single incident reported by Wired on Tuesday. Researchers Charlie Miller and Chris Valasek demonstrated the vulnerability by taking remote control of a Jeep.
more at the Source