Hacked vehicle prompts Fiat Chrysler onboard update
Cyber security experts Chris Valasek and Charlie Miller have publicly exposed a serious vulnerability that would allow hackers to take remote control of Fiat Chrysler Automobile (FCA) cars that run its Uconnect internet-accessing software for connected car features.
Uconnect allows owners of cars such as the Jeep Cherokee to remotely start and stop the engine and flash the lights (to find the car on a parking lot) and lock and unlock doors via a smartkey or smartphone.
However, as the researchers demonstrated to Wired's Andy Greenberg, the system also allows those in the know to remotely hijack the signal and run the car off the road even when someone else is meant to be at the wheel.
Such an act might be deemed irresponsible but the researchers, who uncover theses flaws for a living, first notified FCA about the problem nine months ago and until now have remained silent about the discovery.
Patching the problem has taken time and FCA issued a software fix for the issue on July 16. However, the wording of the update: "Today, [the cybersecurity program] at FCA released a Technical Service Bulletin (TSB) for a software update that offers customers improved vehicle electronic security and communications system enhancements," plus the fact that the update needs to be downloaded onto a USB key and physically installed by the owner, fails to highlight the potential seriousness of the problem.
Vehicle recalls have been receiving a lot of media attention in recent months, yet according to Autotrader data, only 56% of drivers can be counted upon to take their vehicle in for servicing or correction every time.
Scare stories about connected car hacks also get a lot of attention but usually the stories are heavy on the scaremongering and low on the practicalities of hacking.
Valasek and Charlie Miller have made it their business to test the security of cars in recent years and were the first experts to publish a white paper on the potential vulnerabilities and attacks in 2014. In it they concluded at the time that hacking a car would be too time consuming, expensive and complicated to be worth the reward, except in very specific situations. This is because physical access to the car would be needed in order to access its systems.
All of which is what makes the Uconnect exploit so serious and is why Miller has taken to Twitter to urge the public to download the software update.
Comments