Hackers take control of Jeep remotely and crash it

[Tugela]

Fascinating, but worrisome, article in the Daily Telegraph about how a couple hackers exploited a security flaw in Fiat/Chrysler's wireless system to take control of a Jeep Cherokee and hijack its systems.

But according to Miller and Valasek, the on-board Internet connection is a "super nice vulnerability" for hackers. All they have to do is work out the car’s IP address and know how to break into its systems and they can take control.

They claim that more than 470,000 cars made by Fiat Chrysler could be at risk of being attacked by similar means

To which I say "Good luck taking control of my GEMS computer, motherfuckers. If I still had my RRC you'd never stand a chance at cracking the ultrasecure defenses of 14CUX. And as for a Series III, forget about it completely."

 

[Maximumwarp]

Something about this sounds fishy. They disabled the brakes via the Uconnect? The Uconnect interacts with the BCM, but the brakes should still function even if the BCM completely shuts down. Maybe not the electric parking brake, but the normal, hydraulic assist brakes, yes. And I'm fairly certain the Uconnect doesn't have access to the car's higher systems. And they did this from 10 miles away? I have to have my Chryslers within 50 ft of my shop in order to connect to them, and that's using Chrysler's wireless diagnostic tools that plug into the ODB and broadcast a signal. I don't think the car has anything capable of sending or receiving a signal from that far, aside from the RF reciever for the keyless entry/remote start.

 

[az_max]

Something about this sounds fishy. They disabled the brakes via the Uconnect? The Uconnect interacts with the BCM, but the brakes should still function even if the BCM completely shuts down. Maybe not the electric parking brake, but the normal, hydraulic assist brakes, yes. And I'm fairly certain the Uconnect doesn't have access to the car's higher systems. And they did this from 10 miles away? I have to have my Chryslers within 50 ft of my shop in order to connect to them, and that's using Chrysler's wireless diagnostic tools that plug into the ODB and broadcast a signal. I don't think the car has anything capable of sending or receiving a signal from that far, aside from the RF reciever for the keyless entry/remote start.

their new systems integrate with the cellular card like many of the other MFR systems (On-star, Infiniti Connection, Ford mylink(?) ).

My question is why are key systems like engine control and ABS writable from remote systems? I'd expect audio, nav and other entertainment systems to have a writable partition to store info, and logging info for other systems for diag but hands off the ECU, ABS, Trans and steering systems.


Pretty soon there will be Mcafee and Norton AntiVirus for cars!


edit: original story

 

[Maximumwarp]

OnStar (GM) and BlueLink (Hyundai) are services that connect to the car remotely, but Uconnect isn't. It's purely infotainment, but it lets you change settings to the car that have to be run by the BCM, like how long the lights stay on after you lock it or if the headlights come on when you turn on the wipers. I don't believe it has access to anything more vital than that.

 

[Maximumwarp]

Nevermind, I just read the original story you posted, az_max. They got into the CAN bus, that would do it. Sounds like this is the fully-loaded model with the full-blown Uconnect, I guess it has some type of cell connection. Most of ours are the lesser version.

 

[Tugela]

Here is a link to coverage in the NY Times, which gives a bit more technical detail than the Daily Telegraph article.

 

[umbertob]

An even more in-depth article on Wired: http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

 

[MM3846]

An even more in-depth article on Wired: http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

Yup, this article was great. Pretty intense that they were able to just "look up" uconnect equipped cars just driving around and could do any of this stuff to them.

 

[Axel]

Yeah, great article. Technology can be both a blessing and a curse.

 

[Devildog01]

I'm going tomorrow to buy my ex-wife a new jeep.

 

[brian4d]

This is a great example of - There's too much shit in cars these days...

My favorite years for used cars would be from about 93-2005

 

[bri]

Pretty soon there will be Mcafee and Norton AntiVirus for cars!

And they will run as slow as our old rovers.

 

[discostew]

I think the easy fix is to make the internet connection have access to only the entertainment system. The problem with that is the entertainment system also has to be on the can or what ever networks the car runs. I think the game really changes with electric power steering . You would have no time to react to someone throwing your car into oncoming traffic at speed. I think it would be hard to disable the brakes totally.

 

[kennith]

I think the easy fix is to make the internet connection have access to only the entertainment system. The problem with that is the entertainment system also has to be on the can or what ever networks the car runs. I think the game really changes with electric power steering . You would have no time to react to someone throwing your car into oncoming traffic at speed. I think it would be hard to disable the brakes totally.

Aftermarket receivers and computers can accomplish all of these new tricks with a power and ground wire.

Just isolate the infotainment and connectivity systems from the main vehicle user interface.

Problem solved.

Cheers,

Kennith

 

[Tugela]

Fiat recalls 1.4 million vehicles to fix software flaw.