"Entertainment System" Vulnerability Turns Vehicles Into Hot Death

Reports (video) are in that cybersecurity researchers Charlie Miller and Chris Valasek have demonstrated a potentially life-threatening1 security vulnerability in a raft of new cars and trucks with "connected" entertainment systems.

Able to fully kill the engine, sharply apply the brakes, disable the brakes altogether, control the steering wheel (but only when the vehicle is driving in reverse), track the vehicle's GPS coordinates, leak the vehicle's Vehicle Identification Number (VIN), measure its speed, and drop pins on a map to trace the vehicle's route, the two grey hat hackers2 have demonstrated an entirely new level of remotely accessible security exploit.3 While wireless attacks that have unlocked car doors were demonstrated as far back as 2010, an attack available to so many essential driving systems and available to anyone, from anywhere, anytime is as disconcerting as it is unprecedented.

So far, the exploit has only been demonstrated on Jeep's new Cherokee equipped with the Uconnect Internet-connected computer system that controls navigation, phone calls, entertainment, and an in-car Wi-Fi hotspot, but Miller and Valasak see no reason why every Uconnect-enabled vehicle wouldn't be vulnerable in the exact same way. All that attackers require is knowledge of the vehicle's IP address in order to remotely execute commands from anywhere in the world. From there, through the Sprint telephone network,4 the attacker can access the Uconnect system and rewrite the firmware, which can then send commands through the vehicle's internal computer network, known as a Controller Area Network (CAN) bus,5 to the critical driver controls.

As of this writing, upwards of 471,000 Fiat and Chrysler models with the Uconnect system are vulnerable to this remote exploit unless the multimedia system been patched via a USB-installed update now available to customers through the automaker's website.

In response to their findings, which the duo themselves found "unsettling," Charlie Miller cautions new car buyers :

If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers. This might be the kind of software bug most likely to kill someone.

If the piping hot prices of air-cooled Porsches are anything to go by, it appears that consumers who are looking for less connected cars are already voting with their wallets, though whether this recent ramp-up in the price of older automobiles is a matter of rekindling the lost man-machine interface or a matter of digital security remains open to speculation.

Miller and Valasek plan to discuss their research findings in greater detail at the Black Hat Conference at the Mandalay Bay Resort & Casino in Las Vegas, which is taking place from August 1st to 6th this year.

  1. Michael Hastings, anyone ? 

  2. Miller and Valasak have released their findings and exploits to automakers, but their research wasn't formally contracted by said automakers, and nor has it been positively received. 

  3. Though the pair did publish a paper entitled Survey of Remote Attack Surfaces in August 2014, which addressed less severe security vulnerabilities in systems such as Bluetooth and Collision Prevention. 

  4. Sprint is on the CDMA network. 

  5. CAN was developed by Robert Bosch GmbH in 1983, released by the Society of Automotive Engineers (SAE) in 1986, and came to market via Intel and Philips in 1987. 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>