 |
| Wired writer Alan Greenberg coasted helpless into a ditch after hackers took over the Jeep Cherokee. |
FIAT Chrysler Automobiles (FCA) this week responded to an article
in Wired Magazine that reported how
two legendary hackers took over a Jeep Cherokee while it was driving, and then
pretty much did what they wanted with the big ute, including stalling it in
front of a speeding truck.
Two things need to be noted about this news — it took legendary
hackers Charlie Miller and Chris Valasek years of studying systems to get to the
point where they could hack into cars remotely; and both are consulting to the
automotive industry to close the security loopholes they find.
FCA reassured drivers in South Africa the loophole in this case, a
cellular modem embedded in the
cars, is not available in Fiats, Jeeps or Chryslers sold outside of the U.S., since international markets are currently not offering the same connectivity features as the U.S. market vehicles. The automaker said in a statement: “FCA has a dedicated team from System Quality Engineering focused on identifying and implementing software best practices across the company globally. The team’s responsibilities include development and implementation of cyber-security standards for all vehicle content, including on-board and remote services.”
cars, is not available in Fiats, Jeeps or Chryslers sold outside of the U.S., since international markets are currently not offering the same connectivity features as the U.S. market vehicles. The automaker said in a statement: “FCA has a dedicated team from System Quality Engineering focused on identifying and implementing software best practices across the company globally. The team’s responsibilities include development and implementation of cyber-security standards for all vehicle content, including on-board and remote services.”
The group has already made available a patch to close the loop,
which more than 150 000 owners in the U.S. can activate either at a dealer or by
inserting a USB drive into their audio systems. Cadillac and Infinity, which
have the same vulnerability, according to the hackers, have not yet made public
their reaction.
 |
| Don't shoot! They are the good guys, actually... legendary hackers Charlie Miller and Chris Valasek |
Both Miller and Valasek are based in Missouri, and the pair
challenged their usual victim, Wired
reporter Andy Greenberg to submit to another hacking test in a car. In 2013,
they cabled up to a Ford Escape and a Toyota Prius and disabled brakes,
activated the hooter, the pretensioner on the seat belt and the electric
steering wheel motor.
But back then they needed to plug into the vehicles’ onboard
diagnostic port to hack these systems and the car industry largely ignored their
warning.
Two years later, “carjacking has gone wireless”, wrote Greenberg,
explaining the hackers have now sent out a wake-up call to the industry by
showing how they can find and take over any Chrysler car with Uconnect anywhere
in the U.S.
With Greenberg, the hackers first turned on the cold air, then they
turned the volume up full, playing Kanye West through the stereo and finally
they flashed up a picture of themselves on the car’s console and set the
windscreen wipers going full blast, squirting cleaning fluid onto the windscreen
to make it difficult to see.
Greenberg thought the photo was a nice touch, but was left feeling
powerless by all the other tricks, which it turned out were just the warm-up for
the main event. The hackers next turned off the engine, leaving Greenberg
coasting slower and slower on a busy freeway as a big truck raced up behind
him.
Greenberg finally steered the car onto the shoulder of the highway,
only to find he had no brakes as he helplessly slid the two-ton Jeep into a
ditch.
The pair have since showed FCA how to close the digital loophole,
but they can still track cars without using the patch through on-board GPS,
plotting on a map in real time just like they do in any Bond movie.
Since the article appeared last week in Wired, the U.S. Senate set new digital security standards for
cars and trucks.
The senate stated it was not in response to the hackers’ wake-up
call, but as part of a general effort to ensure standards of digital safety and
privacy of cars within the next five years.
