Chrysler has recalled 1.4 million cars because of a terrifying hacker demonstration. Hackers have released a video of a Chrysler Jeep being controlled by hackers leaving the driver helpless. Chrysler cars subject to the recall are 2015 Dodge Ram pickup, Challenger and Viper cars, Jeep Cherokee and Grand Cherokee SUVs.
African-Americans love theirs. Let’s just be real with that. A new car is a symbol of success and sophistication. Cars have become technologically advanced and automakers are rushing to get as much connectivity into cars as possible for multiple reasons. Modern automobiles depend on computers and the Internet to function at the maximum possible efficiency. At the same time this technology allows the owner to enjoy luxuries and access to information and services unheard of in automotive history. But there is a price to pay for being connected and it’s more than the monthly payment.
Internet connectivity is used to collect vehicle data, perform over the air updates and improve car safety. However one of the biggest reasons is money. Business Insider predicts that 75 percent of cars wil have be capable of connecting to the Internet by 2020. Car companies see connectivity as a selling point. Sales from connected cars are expected to exceed $152 billion by 2020. But entertainment is not a major selling point for connected cars. Safety is.
But connectivity, even in your car, means hackers and hackers have become the newest danger on the highway.
Recently two hackers, Charlie Miller, security researcher for Twitter and Chris Valasek, Director of Vehicle Security Research for IOActive, used their know how to exploit a weakness in Chrysler’s Uconnect on-board system.
Uconnect is found on board literally hundreds of thousands of Fiat Chrysler cars, SUVs and trucks. Because of the car’s cellular connection anyone who can discover the car’s IP address can take control of it from anywhere in the country. “From the attacker’s perspective, it’s a super nice vulnerability,” says Miller.
From a distance of a few miles the men were able hack a Jeep Cherokee SUV and turn on the air conditioning, change the radio station and turn the windshield wipers on and off. Not only were they able to do all this but they also projected their images on the dashboard screen.
These commands entered the car’s computers through the entertainment system. It became really terrifying when the hackers took control of the accelerator, steering, brakes, transmission and ignition systems. They literally hijacked a moving vehicle leaving the driver helpless.
Miller and Valasek reported their hack to Fiat Chrysler who issued a patch for the vulnerability. The software patch can be downloaded online from Chrysler’s website but a dealership mechanic has to install it. Chrysler has also issued over the air updates.
But that was simply not enough. Now Chrysler has recalled 1.4 million cars because of the hack.
The hackers have also demonstrated this capability with the Ford Escape and Toyota Prius.
Another hacker had demonstrated the ability to hack into any GM car equipped with the OnStar system. Security researcher Samy Kamkar posted a video of a device he created that demonstrates how he can intercept communications between GM’s RemoteLink mobile app and the OnStar cloud service. He was able to unlock and start the car using the device. However the device needs a little help. A small wireless device must be placed inside the target vehicle and it must be in range of Kamkar’s device. So make sure your doors are locked when you leave you GM car or truck. According to Kamkar GM is aware of the vulnerability.
And what has GM done? GM OnStar announced that it has released a software patch to update its RemoteLink app for Apple iPhone. But that seem to have failed. Kamkar told GM officials he could still track and hack their cars. GM did not acknowledge its failure to correct the problem but Tweeted, “enhanced RemoteLink app will be available soon to fully mitigate the risk.” Kamkar confirmed to WIRED.com that the patch has indeed blocked his device.
Now the federal government has taken notice of this growing threat to highway safety. National Highway Traffic and Safety Administration chief Mark Rosekind is trying to determine just how many automakers are using wireless equipment from the same company that supplies Fiat Chrysler.
“This is a shot across the bow,” said Rosekind. “Everybody’s been saying ‘cybersecurity’. Now you’ve got to step up. You’ve got to see the entire industry proactively dealing with these things.”
The bill would require the NHSTA and the Federal Trade Commission to work together to create new standards requiring automakers to meet in regards to both a vehicles’ defenses against hackers and how manufacturers can safeguard owners personal information including location records collected from the vehicles they sell.
Three major points of Markey and Blumenthal’s bill are;
- It will require the NHTSA and the FTC to set security standards for cars. Standards will be set to isolate critical software systems from the rest of a car’s internal network.
- Testing will be required by security experts and onboard systems must be able to detect and respond to malicious commands on the car’s network.
- The FTC and NHTSA will set privacy standards. Automakers will be required to inform buyers of how they collect information from the vehicles they sell and permitting drivers to opt out.
- Restrict how the information collected can be used for marketing.
- Manufacturers will be required to display window stickers ranking a cars security and privacy protections.