Chrysler has issued an emergency software update for some of their cars (brands Dodge, Jeep, Ram and Chrysler), after learning that a hacker could take control of a jeep Cherokee from a distance of several kilometers and crash it into a ditch.
Experts fear that such attacks have the potential risk of death or injury to the driver and passengers, but also will cause chaos on the roads.
Chrysler urges owners of the recalled vehicles to contact the company for software updates.
Owners will not have to visit a dealer as it happens via the normal procedure review. Instead, they will receive a USB-stick, which, when connected to the car, it will load the patch to fix protection errors.
Hacking became known from an article in Wired magazine. Two professional hacker, one of whom previously worked for the National security Agency demonstrated the possibility of hijacking the car. Next month they plan to reveal some of their tricks during the security conference Black Hat in Las Vegas.
Cybersecurity experts have previously warned that the auto industry may inadvertently provide hackers with the opportunity to intervene in the work car. These are the entry points as diagnostic OBD port, as well as a growing list of wireless entry points: from the mandatory control tyre pressure to infotainment technologies using 4G LTE.
The latter path was used by hackers Charlie Miller and Chris Valasek to apply vulnerability in Jeep Cherokee 2014, FCA is equipped with a Uconnect system that accesses the Sprint network. Hackers were a few kilometers from the car, which they managed to open the access to critical control systems. Hackers used cheap Kyocera Android phone is connected to MacBook for search purposes in the 3G. They received GPS coordinates, identification number, model, release date and IP address of the cars in the immediate area.
When they first found the bug in the UConnect, it is assumed that this will only work within 100 meters within direct-WiFi. When they found in the beginning of this summer a bug in the UConnect cell implementation, it is assumed that this will give the opportunity to attack the car within a single cellular base stations. But very soon they found that the firing range has no side — hack car can be anywhere where there is Internet, at any distance.
They seized control of wiper and washer pump, killed the engine while driving on highway, took control of the steering wheel, disconnected the brakes and sent the car with a volunteer inside the highway into a ditch.The hackers contacted the manufacturer and reported the vulnerabilities discovered.
The car maker said it is concerned that hackers are planning to publish a part of they use the code at the hacker conference. Chrysler insists that this is a danger even after the software update of the car. Also statistically if the car even with a potentially deadly safety defects, only from 70 percent to 8 percent of owners bother to recall procedure and allow you to fix their cars. published
P. S. And remember, just changing your mind — together we change the world! ©