It turns out that Internet can be used to turn off a moving car, as proved by two cybersecurity researchers, sparking new controversy in the debate over connected cars which rely heavily on technology.
Charlie Miller of Twitter, a former employee of National Security Agency, and researcher Chris Valasek showed that it’s possible to break into a car that’s being driven, and did just that by using Uconnect, a system of Fiat Chrysler telematics.
During a controlled test, Miller and Valasek messed with some inessential features available in a the Jeep Cherokee – such as turning on the radio or the AC – but then they proved it’s possible to rewrite the code embedded in the hardware responsible for the central entertainment system.
After getting inside the internal network of the car, the hackers were able to issue new commands for the engine, steering or brakes system. Miller didn’t beat it around the bush when asked by Reuters, and said that thousands of cars are currently on the road and completely vulnerable to such hacking.
After the test, Fiat Chrysler issued a general fix that takes care of most of the vulnerability presented by the internal network. Users can access the software patch for free directly on the company’s website or by asking at dealerships.
A car’s system is much like a smartphone or tablet, so regular updates are required for the vehicle software to improve its security protection. Even though these issues weren’t dealt with immediately, the Chrysler fix is said to significantly reduce the risk of gaining unauthorized and unlawful access to vehicle systems.
Car safety has been Miller and Valasek’s concern for years and they are among the first to warn about remote hacking as an inevitable danger that will hit the roads. Remotely hacking into a moving vehicle has been done before by another hacking team, but the name of the car manufacturer and the method to get in was left unknown.
According to Mark Rosekind, the chief of National Highway Traffic Safety Administration, the agency’s concern over how safe vehicle control systems are is growing significantly. Bad actors will eventually get around to pressing some of the vulnerable spots, making people weary of engaging with vehicle systems that aren’t safe and secure.
A lot of Jeeps – the vehicles proved most susceptible to this kind of hacking – might remain on the road with no fix and vulnerable to cyberhacking.
According to scientists, however, it’s not as easy as it sounds, as the hacker would need to know the car’s Internet Protocol address in order to launch a specific attack on it – an address that changes with each new start of the car.
Image Source: Engadget