I’m not quite geeky and paranoid enough to claim that this really is a Sontaran plot to take over the Earth or that the Skynet is falling, but I know a bad idea when I hear one and ‘driverless’ cars is a bad idea.
Jeep owners urged to update their cars after hackers take remote control
by Samuel Gibbs, The Guardian
Tuesday 21 July 2015 10.30 EDT
Security experts are urging owners of Fiat Chrysler Automobiles vehicles to update their onboard software after hackers took control of a Jeep over the internet and disabled the engine and brakes and crashed it into a ditch.
A security hole in FCA’s Uconnect internet-enabled software allows hackers to remotely access the car’s systems and take control. Unlike some other cyberattacks on cars where only the entertainment system is vulnerable, the Uconnect hack affects driving systems from the GPS and windscreen wipers to the steering, brakes and engine control.
The Uconnect system is installed in hundreds of thousands of cars made by the FCA group since late 2013 and allows owners to remotely start the car, unlock doors and flash the headlights using an app.
The hack was demonstrated by Charlie Miller and Chris Valasek, two security researchers who previously demonstrated attacks on a Toyota Prius and a Ford Escape. Using a laptop and a mobile phone on the Sprint network, they took control of a Jeep Cherokee while Wired reporter Andy Greenberg was driving, demonstrating their ability to control it and eventually forcing it into a ditch.
Unlike the majority of hacking attempts on cars, the vulnerability within the Uconnect system allows cybercriminals to take control of the car remotely, without the need to make physical contact with the car.
The security researchers notified Fiat Chrysler nine months ago, allowing the car manufacturer to release a security update to fix the problem, which it did on 16 July.
However, the update requires users to manually update their cars by visiting the manufacturer’s site, downloading a programme onto a flash drive and inserting it into the car’s USB socket. FCA dealers can update the car for owners, but the company is apparently unable to automatically update the cars over the internet.
Newsflash: Car Network Security Is Still A Horrible, Very Dangerous Joke
by Karl Bode, Techdirt
Tue, Jul 21st 2015 10:33am
As we’ve noted for years, the security on most “smart” or “connected” cars is aggressively atrocious. And in fact it’s getting worse. As car infotainment systems get more elaborate, and wireless carriers increasingly push users to add their cellular-connected car to shared data plans, the security of these platforms has sometimes been an afterthought. Hackers this week once again made that perfectly clear after they demonstrated to a Wired reporter that they were able to manipulate and disable a new Jeep Cherokee running Fiat Chrysler’s UConnect platform.
The exploit appears to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. Chrysler/Fiat posted a notice to its website last week informing users that they need to update their in-car software either via USB stick (you can download the update here) or by taking it in to a dealer. Of course, like many patches, most users won’t be paying much attention to the warning. And we’re only talking about Chrysler’s UConnect; there’s a bounty of half-assed security measures implemented in infotainment systems from automakers worldwide just waiting to be tinkered with by pranksters (or worse).