When cars are the hackable mobile device: Fiat issues recall on 1.4 million Dodge, Jeep, and Chrysler vehicles

When cars are the hackable mobile device: Fiat issues recall on 1.4 million Dodge, Jeep, and Chrysler vehicles
More and more new vehicles are connected to the gills. From offering basic navigation connectivity to full-blown phone calling and Wi-Fi hotspot capability, cars themselves are mobile devices.

As with anything connected to the internet, there is an IP address, and that means it can be accessed remotely. Two hackers, Charlie Miller and Chris Valasek, took Wired author Andy Greenberg for a ride, literally, and remotely.

Many modern vehicles have followed the model of passenger jets, with fly-by-wire type systems replacing mechanical or hydraulic mechanisms that affect everything from acceleration, braking, radio controls, and even steering.

Miller and Valasek have discovered what amounts to a zero-day hack on Fiat’s Chrysler division vehicles that are equipped with the U-Connect option. By exploiting a vulnerability in the entertainment system, the two hackers were able to rewrite the firmware, allowing the system to send commands to the vehicle’s CAN bus (the car’s internal network). Once that is accomplished, anything connected to the CAN bus can be manipulated depending on the vehicle configuration, from HVAC, engine operations, accelerators, steering, and braking.

The two hackers plan on publishing their findings and sharing the most of the methodology at the Black Hat conference next month. They have also shared their findings with Fiat so the company could issue a security patch recall to Chrysler vehicles equipped with U-Connect. While Fiat is not a fan of the idea of Miller and Valasek sharing this knowledge with the hacker community, the two defend the action as necessary for peer review, proof of concept, and to bring the issue into the limelight.

The recall affects up to 1.4 million vehicles, and the fix involves updating the U-Connect firmware through a USB dongle that customers can download and install themselves, or visit a dealer to have the patch installed for them. Vehicles on the list include the 2013-2015 Dodge Viper, 2013-2015 Ram Pick-ups, 2014-2015 Jeep Cherokee and Grand Cherokee, 2014-2015 Dodge Durango, 2015 Chrysler 200 and 300, and 2015 Dodge Challenger and Charger.

“If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers. This might be the kind of software bug most likely to kill someone,” according to Miller. Based on the video below from Wired, this is definitely going to be an issue of concern for today’s vehicles to tomorrow’s autonomous systems under development.



sources: TFLCar and Wired

FEATURED VIDEO

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless