The fear that a third party could take over vehicles or aircraft and cause enormous damage has been present for a long time, when such vehicles are increasingly connected and digital.
Now it turns out that fear is justified too.
The magazine Wired have shown how two security experts could gain control of a Jeep Cherokee, and this was done from a laptop located far away.
No restrictions
The two “hackers”, Charlie Miller and Chris Valasek, have been working to prove this kind of security challenges long, but so far it has been necessary to physically be inside a car to gain control of the elements of it.
Also read: paid bounties to security experts.
When it comes to the current model Jeep Cherokee situation is different.
Miller Valasek, managed to utilize your car’s built Uconnect system, which is connected to the standard mobile network, while Wired journalist drove the car on a highway outside St. Louis.
The result was dramatic: The hackers got first control of the AC system, wipers and plant. Then shut down the engine, so the car stopped by itself. The driver could not control this, not even slowing.
During the process, they showed also picture of himself on the car’s built-in monitor, to make the humiliation complete.
All this was obviously collusion, but the break was real. The plan is that Miller and Valasek will reveal parts of the process at BlackHat conference next month. There shall be one specific element of the car’s software vulnerability, and this gives access to the vehicle for anyone who knows the vehicle’s IP address.
Then, hackers write the code on the main processor that controls the vehicle entertainment system and further gain control of essential systems.
Read more: Hacker Celebrities will prevent bilangrep.
According to the two hackers would their system work on most newer Chrysler models UConnect system. They have not yet attempted to break into other automobile manufacturers. It should be nearly half a million UConnect-equipped vehicles on American roads.
It should be said that Miller and Valasek has also worked with Chrysler and given them information about the vulnerability, which causes the vehicle manufacturer comes with a patch that patches the hole. Fiksen must be manually installed via a USB stick. Car company is also disappointed that hackers plan to disclose parts of the process (certain details, such as the actual code used, will remain secret).
The revelations also led quickly to action from politicians: Two US senators are now planning new legislation that sets specific safety requirements that automobile manufacturers must meet to be protected from cyber attacks. This means that critical systems must be isolated from the rest of the vehicle network, diligent testing and additional systems that can recognize and protect against attacks.
No comments:
Post a Comment