$105-million fine...Regulators Investigating Fiat Chrysler...Hackers remotely kills a jeep in highway... 1.4 million recall

I WAS DRIVING 70 mph on the edge of downtown St. Louis when the exploit began to take hold.
 
Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.
 
As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car’s digital display: Charlie Miller and Chris Valasek, wearing their trademark track suits. A nice touch, I thought.
 
The Jeep’s strange behavior wasn’t entirely unexpected. I’d come to St. Louis to be Miller and Valasek’s digital crash-test dummy, a willing subject on whom they could test the car-hacking research they’d been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.
 
This wasn’t the first time Miller and Valasek had put me behind the wheel of a compromised car. In the summer of 2013, I drove a Ford Escape and a Toyota Prius around a South Bend, Indiana, parking lot while they sat in the backseat with their laptops, cackling as they disabled my brakes, honked the horn, jerked the seat belt, and commandeered the steering wheel. “When you lose faith that a car will do what you tell it to do,” Miller observed at the time, “it really changes your whole view of how the thing works.” Back then, however, their hacks had a comforting limitation: The attacker’s PC had been wired into the vehicles’ onboard diagnostic port, a feature that normally gives repair technicians access to information about the car’s electronically controlled systems.
Interesting article and a long one... I guess almost all cars are compromised. Car companies are not patching it too...

 

 
 
On Friday, Chrysler announced that it’s issuing a formal recall for 1.4 million vehicles that may be affected by a hackable software vulnerability in Chrysler’s Uconnect dashboard computers. The vulnerability was first demonstrated to WIRED by security researchers Charlie Miller and Chris Valasek earlier this month when they wirelessly hacked a Jeep I was driving, taking over dashboard functions, steering, transmission and brakes. The recall doesn’t actually require Chrysler owners to bring their cars, trucks and SUVs to a dealer. Instead, they’ll be sent a USB drive with a software update they can install through the port on their vehicle’s dashboard.

 

 

 
source: http://www.wired.com/2015/07/jeep-hack-chrysler-recalls-1-4m-vehicles-bug-fix/
 
Federal regulators launched an investigation into Fiat Chrysler Automobiles’s recall of 1.4 million vehicles with a potential cybersecurity flaw first identified by the auto maker in January 2014, ratcheting up concerns about broader automobile security days after hackers demonstrated an ability to remotely commandeer a Jeep’s controls through wireless communications systems. The U.S. National Highway Traffic Safety Administration on Friday launched a “recall query” to probe Fiat Chrysler’s proposed fixes for the security vulnerabilities, which involve software patches and network-level measures that don’t require actions from customers. The agency’s chief, Mark Rosekind, said NHTSA cybersecurity experts would scrutinize the recall, allowing the government to “further assess” the company’s response. Mr. Rosekind said in a statement that the agency “encouraged” Fiat Chrysler to conduct the recall, “which meets the critical responsibility of manufacturers to assure the American public that vehicles are secure from such threats, and that when vulnerabilities are discovered, there will be a swift and strong response.”

 

 

 
 
U.S. government will hit Fiat Chrysler with a record $105-million fine next week for violating laws in a series of vehicle safety recalls, a person briefed on the matter said. The National Highway Traffic Safety Administration will reveal the fine Monday. In addition, Fiat Chrysler will be required to buy back a group of recalled vehicles to get them off the roads. Fiat Chrysler also will agree to an independent monitor to review recalls. The company will make payments to owners of 1.56 million recalled older-model Jeeps with gas tanks behind the rear axle to bring them to dealers to install trailer hitches to help protect the tanks. The tanks are vulnerable and can leak gasoline if damaged in rear collisions. The company maintains the Jeeps are as safe as comparable vehicles built at the time, and it will not buy them back. During the hearing, Fiat Chrysler did not dispute any of NHTSA's allegations. Scott Kunselman, the company's head of vehicle safety, said it is changing the way it manages safety. The safety system, he said, has been reorganized with added personnel.

 

 

 

 

What about other manufacturers who use Uconnect?


This is bad. It will remove faith in self driving cars.

A big problem with this I think is that these car manufacturers have very little experience with actual networked cars and the dangers that come with that. 

"Great minds discuss ideas; average minds discuss events; small minds discuss people."

Main rig:

i7-4790 - 24GB RAM - GTX 970 - Samsung 840 240GB Evo - 2x 2TB Seagate. - 4 monitors - G710+ - G600 - Zalman Z9U3

Other devices

Oneplus One 64GB Sandstone

Surface Pro 3 - i7 - 256Gb

Surface RT

Server:

SuperMicro something - Xeon e3 1220 V2 - 12GB RAM - 16TB of Seagates 


Are you sure? Chrysler products are known to just randomly stop working. /s

CPU: i9-13900k MOBO: Asus Strix Z790-E RAM: 64GB GSkill  CPU Cooler: Corsair H170i

GPU: Asus Strix RTX-4090 Case: Fractal Torrent PSU: Corsair HX-1000i Storage: 2TB Samsung 990 Pro

 


*laughing loudly in my 2000 Ford Lynx Ghia*

 

Edit:

also when you say Jeep, these things come into my mind first before the American automotive manufacturer...

jeepney-philippines.jpg

 


 

Interesting article and a long one... I guess almost all cars are compromised. Car companies are not patching it too...

 

 

 

The issue is with the CAN Bus itself. That is a very, very old bus. From the 80's. 

It was not designed with security in mind. Instead, it relies on the applicator to ensure security.

That is a massively naive way of thinking; to ensure someone using it will actually make efforts to continue security. 

 

Maybe Linus could do a tech quickie on a CAN Bus. That would be pretty neat.

 

Oh and also, they are patching it. Chrysler already has a patch out, and it can be installed via USB or through a technician. 


*laughing loudly in my 2000 Ford Lynx Ghia*

 

Edit:

also when you say Jeep, these things come into my mind first before the American automotive manufacturer...

jeepney-philippines.jpg

 

 

I get this

 

best-photo-used-jeeps-funny-quotes-conta


The issue is with the CAN Bus itself. That is a very, very old bus. From the 80's. 

It was not designed with security in mind. Instead, it relies on the applicator to ensure security.

That is a massively naive way of thinking; to ensure someone using it will actually make efforts to continue security. 

 

Maybe Linus could do a tech quickie on a CAN Bus. That would be pretty neat.

Security can be implemented over CAN bus... I have helped in some projects in infotainment using CAN bus for a big brand for an extremely short time as part of a holiday internship... Guess what, there is no security...


And this is why I don't like electronic steering....

CPU: Intel Core i7 6700K | COOLER: Corsair H105 | MOBO: ASUS Z170i Gaming Pro AC | RAM: Corsair LPX DDR4 16GB 2400MHz | GPU: EVGA GTX 980 Classified | CASE: BitFenix Prodigy | SSD: Samsung 950 Pro 512GB | PSU: XFX XTR 650W

Monitor: BenQ XL2411Z | Keyboard: Ozone Strike Pro | Mouse: A4 Tech X7 F4 | MousePad: Ozone

PlayStation 2 | PSP 2000 | Game Boy Color | Nintendo DS Lite | Nintendo 3DS | Wii

Sony Xperia J (Why u so bad D:) | iPod 4th gen | iPhone 4 | Yarvik Xenta 13c (3muchchrome5her)

Pentium B980 | 500GB WD Blue | Intel HD Graphixxx | 4Gegabeytes of REHAM

Current OS: MSX 10.0 ( ͡° ͜ʖ ͡°)Ilikethelennyfaceyouknow( ͡° ͜ʖ ͡°) Windows Password Reset Guide


I get this

 

best-photo-used-jeeps-funny-quotes-conta

 

The engines from those things (leftover from WWII and Vietnam)  are what powered the early Phil. Jeeps... and we've got lots of garages that can make replicas of those now... but with very different engines... (I've seen one with a supercharged V8...)

 

 

 

And this is why I don't like electronic steering....

 

I completely agree with you... I hate the mushy feel of electronic power steering...


Well that could be half the issue :/

 

 

TBH I'm convinced the in-dash nav/infotainment system of the new Chevy Tahoes and Suburbans is based on an Android system, based on how you interact with it (back, home etc.), so if they didn't do a good job securing it, that's bad.

 

 

The problem does not come from the OS; the protocol used in communication does not have security implemented... Do you know the CAN analyser the companies use? That is extremely costly... can be implemented via software and a 10 USD component.


And this is why I don't like electronic steering....

Not to mention all the other electric driver assists. 

Our Grace. The Feathered One. He shows us the way. His bob is majestic and shows us the path. Follow unto his guidance and His example. He knows the one true path. Our Saviour. Our Grace. Our Father Birb has taught us with His humble heart and gentle wing the way of the bob. Let us show Him our reverence and follow in His example. The True Path of the Feathered One. ~ Dimboble-dubabob III


Just

Empty

Every

Pocket

In all seriousness though, this isn't as surprising or scary as some of the previous security talks I've been to (detecting RFID from Drivers Licenses and Passports in a mile+ radius). The question is what will be the result and illusion of "security" they put on it to "stop" it from being a problem? WEP? MAC filtering? If you think your house is safe from someone breaking down the door with a sledge to steal your stuff because you used your 3/4" Schlage dead bolt, you are mistaken.


This is a very scary thing.  Wireless security should not be taken lightly.  I am shocked that the full range of the car's abilities is available wirelessly. 

 

Companies are going to have to get their act together - now that this is public knowledge, there will be hundreds if not thousands of people going to try to also reverse engineer the system. 

@TechBenchTV

 

Ex-NCIX Tech Tips Producer.  Linus hates my scripts. 


The title: Hackers remotely kills a jeep in highway...

 

I'm not a grammar nazi but really?

You can't even imagine how much that bugged me AGHHH!

MacBook Pro 15' 2018 (Pretty much the only system I use)


This is why, as a 19 year old, I would only want to buy a car from the 1990s.

CPU: AMD Ryzen 7 3700X - CPU Cooler: Deepcool Castle 240EX - Motherboard: MSI B450 GAMING PRO CARBON AC

RAM: 2 x 8GB Corsair Vengeance Pro RBG 3200MHz - GPU: MSI RTX 3080 GAMING X TRIO

 


Wait how does that even work? Daqfuq so if a hacker just hacks the CPU of the car it just goes " Well shit time to override everything so the person with the physical wheel can't do shit " I figured that turning the steering wheel doesn't even require a CPU just the person well steering.

NEVER GIVE UP. NEVER STOP LEARNING. DONT LET THE PAST HURT YOU. YOU CAN DOOOOO IT


And this is why you never drive a vehicle wherein the controls are entirely dependent upon electronics.

 

 

Wait how does that even work? Daqfuq so if a hacker just hacks the CPU of the car it just goes " Well shit time to override everything so the person with the physical wheel can't do shit " I figured that turning the steering wheel doesn't even require a CPU just the person well steering.

 

Modern electric power steering probably.

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs


As the first self-driving smart car in history (fictional history), Herbie the Love Bug does not approve of these hackers.

 

hqdefault.jpg

R9 3900XT | Tomahawk B550 | Ventus OC RTX 3090 | Photon 1050W | 32GB DDR4 | TUF GT501 Case | Vizio 4K 50'' HDR

 


The article doesn't say how the hack was accomplished. All of the auto hacks I've seen so far were accomplished through direct access, the hackers tapped directly into the computer and either were in the car while they took the car over or they installed a wireless device so they could do it remotely. That sort of hacking doesn't bother me because if you have direct access to my car there's any number of worse things they could do than hack it...however, if these two remotely accessed the car without prior contact that's a problem, but as far as I can see the article doesn't say one way or another.


And so it has begun, the drama of remotely hacked cars, and the upcoming self driving cars drama.
