Hacked: Hacking Finance

Hacking

How Hackers can Remotely Hijack Your Chrysler Vehicle

Posted on .

How Hackers can Remotely Hijack Your Chrysler Vehicle

Introduction

Two cyber crime researchers have uncovered a potential flaw in a Chrysler vehicle after remotely hacking and assuming control of its systems. As expected, the car company is in the process of providing succor and has advised customers to update the on-board software in their vehicles.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

The world has embraced electronics as a norm and the automotive industry has not been left behind. The industry is gradually evolving its means of operations from mechanical to electronics and with this, comes new challenges and vulnerabilities.

jeep cherokee hackedAccording to a Wired report, two white-hat security experts have surprisingly hacked and assumed total control of a Jeep Cherokee while on the road. The driver of the Jeep who is also a Wired writer, won’t let go of the ride experience any time soon.

Loss of Control

Both security researchers, Charlie Miller, a former NSA staff and Chris Valasek of IOActive, first uncovered a distinct defect in the Uconnect system, an infotainment software that is built in Fiat Chrysler cars. The system which also supports vehicle to vehicle communication through Sprint’s network, is done over the air and allows vehicle owners to locate their cars through GPS, remotely turn on engine and ensure safety through the installed anti-theft features.

The hack process was straightforward:

  • Valasek and Miller commenced the hack, using an Android phone that was running on Sprint’s cellular network, 10 miles from the Jeep Cherokee
  • With the Android phone, they established a connection with the Uconnect system of the Jeep Cherokee which been driven, through its IP address.
  • Already plugged in, they hacked into a chip that powered the Uconnect system and proceeded to rewrite the firmware that powered the hardware.
  • At this stage, having total control of system, the researchers killed the car’s brakes and blurred the driver’s visibility by activating the windshield wipers
  • Even of greater concern is the fact that they were able to shut off the vehicle’s engine completely.
  • With the connection between the phone and the vehicle established, they even hooked up a Macbook to scan for vehicles on the same network that were vulnerable.

The researcher came to a conclusion that about 471,000 vehicles are vulnerable to the total care-compromising hack and the affected models are;

  • 2015 Chrysler 200s
  • 2013-14 models of the Dodge Ram.
  • 2014 Jeep Cherokee, Jeep Grand Cherokee and the Dodge Durango
  • 2013-14 Dodge Viper
  • 2015 Jeep Cherokee and Jeep Grand Cherokee.

“Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting,” wrote Wired writer Andy Greenberg, narrating the incidence. “Next the radio switched to the local hip hop station … I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.”

Remediation

As it stands now, Chrysler doesn’t look too happy about the whole hijacking stunt carried out by both white hat researchers, but they appreciated the work done and are already on the look out to remediating the flaws.

“We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities,” Chrysler said.

However, we caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.

Images from Vladimirs Gorelovs and Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

DON'T MISS OUT

Ali Raza

Ali Raza

Ali is a freelance journalist, having 5 years of experience in web journalism and marketing. He contributes to various online publications. With a master degree, now he combines his passions for writing about internet security and technology. When he is not working, he loves traveling and playing games.

Comments
  • user

    AUTHOR Willieaames

    Posted on 11:02 am July 22, 2015.

    scary…..

  • View Comments (1) ...
    Navigation
    What is commonly called the Wassenaar Arrangement, a less-than-formal agreement…