SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
22 Jul 2015

Hackers reveal nasty new car attacks

Imagine your car accelerator fails amid interstate traffic, with no shoulder to pull over. Cars are forced to slow behind you, lining up to pass and honk as they go by.

This was the scene during an experiment conducted by security researchers who have found an exploit in Chrysler's Uconnect system.

Researchers Charlie Miller and Chris Valasek are able to access a Chrysler vehicle by searching for devices using Sprint's cell network, which UConnect employs to connect to the Internet for entertainment and GPS uses. Once a hacker locates the device's IP, she can gain access from anywhere in the US. "From that entry point, Miller and Valasek’s attack pivots to an adjacent chip in the car’s head unit—the hardware for its entertainment system—silently rewriting the chip’s firmware to plant their code," Andy Greenberg wrote. "That rewritten firmware is capable of sending commands through the car’s internal computer network, known as a CAN bus, to its physical components like the engine and wheels."

The pair demonstrated the UConnect vulnerability for Greenberg, using it to "remotely toy" with his vehicle as he drove in the outskirts of St. Louis. "Immediately my accelerator stopped working," wrote Andy Greenberg. "As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun."

Miller and Valasek spared Greenberg, but they plan to take their findings – with crucial details withheld – to the Black Hat security conference in Las Vegas in August. “If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers,” Miller said. “This might be the kind of software bug most likely to kill someone.”

Inspired by Miller and Valasek's work in 2013, US Senators Ed Markey and Richard Blumenthal introduced a bill on Tuesday that would establish digital security standards for vehicles. The bill would require the Federal Trade Commission and the National Highway Traffic Safety Administration to set standards that would ensure wireless access points of a vehicle remain protected and that vehicles can detect and halt a hacking attempt in secure fashion.

The researchers have shared their findings with Chrysler for nine months, allowing the company to release a manually-installed patch for the security vulnerability. “[Fiat Chrysler Automobiles] has a program in place to continuously test vehicles systems to identify vulnerabilities and develop solutions,” a Chrysler spokesperson said in a statement. “FCA is committed to providing customers with the latest software updates to secure vehicles against any potential vulnerability.”

Chrysler said it "appreciates" the researchers' work, but added that it does not "condone" their release of any information indicating how one can hack into a Chrysler vehicle equipped with Uconnect from late 2013, 2014, and early 2015. “Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” Chrysler told.

“We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities. However, we caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.” Based on previous research of 24 cars, SUVs, and trucks, Miller and Valasek believe the Jeep Cherokee is easiest car to hack, followed by the Cadillac Escalade and the Infiniti Q50.

Tags:
hackers
Source:
Russia Today
2758
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015