New vulnerability lets attackers hijack Chrysler vehicles over the web

[BlueStateSaint]

It was only a matter of time before hackers got the ability to do this.

New vulnerability lets attackers hijack Chrysler vehicles over the web



By Russell Brandom
 on July 21, 2015 10:57 am

A new vulnerability in the Uconnect system gives attackers frightening remote powers over Chrysler vehicles, revealed in a Wired exclusive report. In a live demo, attackers used the vulnerability to cut out a Jeep Cherokee's transmission and brakes and, when the car is in reverse, commandeer the steering wheel — all without physical access to the vehicle. "This might be the kind of software bug most likely to kill someone," said Charlie Miller, one of the researchers behind the exploit. The full vulnerability will be presented next month at Defcon, although the researchers plan to withhold crucial details so that the bug cannot be exploited at scale.
 
Chrysler's UConnect system uses Sprint's cellular network for connectivity, so researchers were able to remotely locate cars by scanning for devices using that particular spectrum band. Chrysler has been including UConnect in cars since late 2013, and any cars that use the system are likely to be vulnerable to the attack. There's no apparent firewall, so once attackers have located the device's IP, they can deploy previously developed exploits to rewrite Uconnect's firmware and control the car as if they had physical access. The result is that once an attacker has a car's IP address, she can target it from anywhere in the country.
 
--------------------------------------------------------------------------------

The good news for Chrysler drivers is, there's already a patch — but it probably hasn't reached your car yet. Chrysler released a patch on the 16th, but it has to be installed manually, either by a dealership mechanic or manually via USB. It can be downloaded here. The vulnerability has also inspired government action, as a new automotive security bill is being introduced in the Senate alongside the report.
 
7/21 11:48am ET: This article previously referred to the test vehicle as a Jeep Grand Cherokee. The correct name is simply Jeep Cherokee.

That's the whole article.  The link: http://www.theverge.com/2015/7/21/9009213/chrysler-uconnect-vulnerability-car-hijack

Messed up!

[DumbAss Tanker]

I don't need a smart car.  I need a car that is mechanically reliable, simple and inexpensive to repair, and reasonably safe.  I don't give a shit about any other so-called conveniences.  Unfortunately America is unable to produce such a vehicle anymore.

[Chris_]

How do you tell the difference between a hack and Chrysler's regularly shitty build quality?

[thundley4]

I don't need a smart car.  I need a car that is mechanically reliable, simple and inexpensive to repair, and reasonably safe.  I don't give a shit about any other so-called conveniences.  Unfortunately America is unable to produce such a vehicle anymore.

Exactly.  I don't believe all the computer and electronic crap are required to get reasonable power and fuel economy. Give me a car with AC/Heat and a radio and I'm  good.