Zero-day in Fiat Chrysler feature allows remote control of vehicles by Robert Abel.
From the post:
Fiat Chrysler owners should update their vehicles’ software after a pair of security researchers were able to exploit a zero-day vulnerability to remotely control the vehicle’s the engine, transmission, wheels and brakes among other systems.
Chris Valasek, director of vehicle security at IOActive, and security researcher Charlie Miller, a member of the company’s advisory board, said the vulnerability was found in late 2013 to 2015 models that have the Uconnect feature, according to Wired.
Anyone who knows who knows the car’s IP address may gain access to a vulnerable vehicle through its cellular connection. Attackers can then target a chip in the vehicle’s entertainment hardware unit to rewrite its firmware to send commands to internal computer networks controlling physical components.
…
If that sounds bad, you really need to read the Wired article Hackers Remotely Kill a Jeep on the Highway—With Me in It by Andy Greenberg.
Here’s a paragraph from the Wired article to get you hooked:
Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.
You won’t be disappointed because the hack continues onto the transmission, brakes, steering (not perfected, yet) and other systems.
Hard to say when this will appear as routine download with a nice GUI. Perhaps with automatic display of prospective targets within visual range.
The upside is a resurgence of interest in classic cars.
Your security status will be reflected in the lack of remotely controllable devices.
For the truly security conscious, secretaries may replace voice dictation systems on vulnerable networks.