Two security researchers have uncovered a potential flaw in a Chrysler vehicle after remotely hacking it and assuming control of its systems. As expected, the car company is in the process of providing a remedy and has advised customers to update the on-board software in their vehicles.
The world has embraced electronics as a norm, and the automotive industry has not been left behind. The industry is gradually moving from mechanical to electronic systems, and with this come new challenges and vulnerabilities.
According to a Wired report, two white-hat security experts hacked and assumed total control of a Jeep Cherokee while it was on the road. The driver of the Jeep, who is also a Wired writer, won’t forget the ride any time soon.
Loss of Control
The two security researchers, Charlie Miller, a former NSA staffer, and Chris Valasek of IOActive, first uncovered a distinct defect in the Uconnect system, the infotainment software built into Fiat Chrysler cars. The system, which also supports vehicle-to-vehicle communication through Sprint’s network, operates over the air and allows vehicle owners to locate their cars through GPS, remotely start the engine and protect the vehicle through the installed anti-theft features.
The hack process was straightforward:
- Valasek and Miller commenced the hack using an Android phone running on Sprint’s cellular network, 10 miles from the Jeep Cherokee.
- With the Android phone, they established a connection, through its IP address, with the Uconnect system of the Jeep Cherokee, which was being driven at the time.
- Once connected, they hacked into a chip that powered the Uconnect system and proceeded to rewrite the firmware that powered the hardware.
- At this stage, having total control of the system, the researchers killed the car’s brakes and blurred the driver’s visibility by activating the windshield wipers.
- Of even greater concern is the fact that they were able to shut off the vehicle’s engine completely.
- With the connection between the phone and the vehicle established, they even hooked up a MacBook to scan for vehicles on the same network that were vulnerable.
The researchers concluded that about 471,000 vehicles are vulnerable to the total car-compromising hack. The affected models are:
- 2015 Chrysler 200s
- 2013-14 models of the Dodge Ram
- 2014 Jeep Cherokee, Jeep Grand Cherokee and the Dodge Durango
- 2013-14 Dodge Viper
- 2015 Jeep Cherokee and Jeep Grand Cherokee
“Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting,” wrote Wired writer Andy Greenberg, narrating the incident. “Next the radio switched to the local hip hop station … I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.”
As it stands, Chrysler doesn’t look too happy about the hijacking stunt carried out by the two white-hat researchers, but the company appreciated the work done and is already looking to remediate the flaws.
“We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities,” Chrysler said.
“However, we caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.”
Images from Vladimirs Gorelovs and Shutterstock.