https://www.naturalnews.com/050931_Chrysler_recall_hackers.html
(NaturalNews) In an unprecedented security recall, Fiat-Chrysler has revealed that 1.4 million of its internet-enabled vehicles can be taken over and remotely operated by hackers. The security vulnerability was recently broken by a story in
Wired Magazine that showed that a "zero-day exploit" hack (taking over a vehicle simply by knowing its IP address) was more than just a theoretical possibility.
In the article,
Wired journalist Andy Greenberg drove a Jeep while hackers Charlie Miller and Chris Valasek took over the car a little bit at a time. Greenberg notes that as far back as 2013, Miller and Valasek successfully hacked a Toyota Prius from the back seat while he drove. In that incident, however, they had to physically plug into the car's onboard diagnostic port to do so.
"A mere two years later, that carjacking has gone wireless," Greenberg writes.
Surveillance and sabotage
A zero-day exploit is now possible because in the past few years, auto makers have been hard at work making "smart" cars to go along with people's "smart phones." Many cars now feature internet connections through features such as Chrysler's UConnect, which even includes a mobile Wi-Fi hotspot. The only problem is that the computer that enables users to connect to the Internet is the same computer that controls everything from the car's entertainment system to its climate to its steering and brakes.
Greenberg recounts how the hackers took control of his air conditioner, changed his radio station and volume, and caused his screen to display their photos. They then disabled his brakes and turned off his transmission. Miller and Valasek say that they are also able to control the vehicle's steering (although only when it is in reverse, so far), and hijack its GPS system to track the vehicle and even map its progress in real time.
After the publication of the
Wired story,
Chrysler -- which had actually been in contact with Miller and Valasek for months -- issued a press release admitting the security flaw in certain Jeeps, Rams, Dodges and Chryslers. The company urged anyone with such a vehicle to bring it in for a security upgrade; the patch can also be installed via USB drive. Customers can enter their Vehicle Identification Number (VIN) at
http://www.driveuconnect.com/software-update/ to find out if their car is affected.
Turning up the heat on auto makers
When interviewed by
Wired, Chrysler expressed annoyance at Miller and Valasek's plans to publicize some of the code they used to hack the Jeep. The company claims that this might place people's safety at risk.
Miller and Valasek take the opposite position, saying that sharing the information with other programmers will help strengthen security in the long run. Perhaps even more importantly, releasing the code pressures
car makers to tighten up their security holes more quickly.
"If consumers don't realize this is an issue, they should, and they should start complaining to carmakers," Miller said. "This might be the kind of software bug most likely to kill someone."
As far back as 2011, researcher from University of Washington and the University of California-San Diego (UCSD) were able to remotely disable the brakes on a sedan, but they chose not to publicize the code they used. Instead, they conferred privately with the car maker.
However, that incident did not lead to any noticeable progress in wireless auto security. Miller and Valasek's approach is designed to turn up the heat on auto makers.
"The regulators and the industry can no longer count on the idea that exploit code won't be in the wild," said UCSD researcher Stefan Savage, who worked on the 2011 study. "They've been thinking it wasn't an imminent danger you needed to deal with. That implicit assumption is now dead."
Zero-day hacks are not just a problem for Chryslers or automobiles in general. Similar techniques have demonstrated the potential to hack into boats, planes, smart homes, drones and even GPS-targeted munitions.
Sources for this article include:http://www.activistpost.comhttp://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
Receive Our Free Email Newsletter
Get independent news alerts on natural cures, food lab tests, cannabis medicine, science, robotics, drones, privacy and more.
Take Action: Support Natural News by linking to this article from your website
Permalink to this article:
Embed article link: (copy HTML code below):
Reprinting this article:
Non-commercial use OK, cite NaturalNews.com with clickable link.
Follow Natural News on Facebook, Twitter, Google Plus, and Pinterest