Posted on 07/21/2015 1:24:13 PM PDT by Swordmaker
A new vulnerability in the Uconnect system gives attackers frightening remote powers over Chrysler vehicles, revealed in a Wired exclusive report. In a live demo, attackers used the vulnerability to cut out a Jeep Cherokee's transmission and brakes and, when the car is in reverse, commandeer the steering wheel all without physical access to the vehicle. "This might be the kind of software bug most likely to kill someone," said Charlie Miller, one of the researchers behind the exploit. The full vulnerability will be presented next month at Defcon, although the researchers plan to withhold crucial details so that the bug cannot be exploited at scale.
Chrysler's UConnect system uses Sprint's cellular network for connectivity, so researchers were able to remotely locate cars by scanning for devices using that particular spectrum band. Chrysler has been including UConnect in cars since late 2013, and any cars that use the system are likely to be vulnerable to the attack. There's no apparent firewall, so once attackers have located the device's IP, they can deploy previously developed exploits to rewrite Uconnect's firmware and control the car as if they had physical access. The result is that once an attacker has a car's IP address, she can target it from anywhere in the country.
The good news for Chrysler drivers is, there's already a patch but it probably hasn't reached your car yet. Chrysler released a patch on the 16th, but it has to be installed manually, either by a dealership mechanic or manually via USB. It can be downloaded here. The vulnerability has also inspired government action, as a new automotive security bill is being introduced in the Senate alongside the report.
7/21 11:48am ET: This article previously referred to the test vehicle as a Jeep Grand Cherokee. The correct name is simply Jeep Cherokee.
Is the steering not a direct mechanical link on cars anymore?
A: The Internet of Dangerous Things.
Sad. Very damn sad.
That the venerated Jeep of all vehicles has been placed under control of two of the worlds worst auto makers.
Can I ask a stupid question? Why in the sam hill does a car have any components that can be accessed from the internet in the first place?? Why is there this feature in the cars to start with???
Skynet is pleased.
Government mandates so they can shut you down?
Refurbishing Olds Cieras from the 1980’s is looking to become a booming business...
Cars as we know them have been around for over 100 years. And the internet as we know it just a few decades. Why all of a sudden is there some need for internet access to a car’s operations? I just don’t understand why there is such a feature.
No, some are “drive by wire” technology.
Well, that settles it. My next car is going to be a ‘66 Buick Electra.
Ain’t no internet on that beauty. Plus, I get to have a Landau top.
Most likely so that the government can track us? Or so that they can control our movements? So the Police chasing a car with this capability can reach out and touch it? Part of an emergency system similar to LoJack?p> On a less evil, conspiracy laden reason, so that the manufacturer can push out Car OS updates as required. . . but if so, why is the patch only available through a dealership or USB download? Doesn't make sense that the OS of the car is at all linked to the Internet.
Ergo, Dilbert, you question is not at all stupid. The engineers who made the decision to hook the Car computer to the Internet, added a cellular radio to that computer, are the stupid ones who failed to ask them selves the question WHY should we do this stupid thing.
But even more of a question is WHY does it interface with the STEERING WHEEL when in reverse? Auto parallel parking?
Car companies are touting wireless capabilities in their new cars without regard for hacking.
How about MBZs?
Journalist Michael Hastings Dies in Fiery Hollywood Crash
Posted 6:30 AM, June 19, 2013, by paulmartella and KTLA 5, Updated at 09:32am, June 19, 2013
http://ktla.com/2013/06/19/driver-killed-in-fiery-car-crash-in-hollywood/
It is, however between auto-steering controls (for self-parking vehicles), and computer-controlled use of anti-lock braking systems/vehicle stability systems, there is a capability to steer a vehicle remotely.
Ever see the automated parallel parking option?
Wow, guess I really am old...
In the 1980’s cars were first equipped for remote diagnosis when the “check engine” light came on. At the dealer & dialed up to the factory. Then early laptops could plug into the car’s diagnosis socket & do the same.
I’ve got a 1977 Mercedes parked in a barn. May have to look at getting it running again. No black box no nuthin’.
So the government can Hastings-ize anyone not in lockstep.
73 Duster waiting in my garage. I call it the Red Barchetta.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.