Chrysler Issues Security Update To Prevent Remote Control Of Vehicles

[IInuyasha74]

Chrysler has issued a security update for many of its vehicles to prevent them being controlled remotely.

Chrysler Issues Security Update To Prevent Remote Control Of Vehicles : Read more

 

[targetdrone]

There is a very simple way to fix and avoid these problems. DO NOT CONNECT A CAR TO THE INTERNET. Have these engineers never watched Mission Impossible or Battlestar Galactic?

 

[Blueberries]

There is a very simple way to fix and avoid these problems. DO NOT CONNECT A CAR TO THE INTERNET. Have these engineers never watched Mission Impossible or Battlestar Galactic?

Or Bluetooth, or Satellite, or have a bug you don't know about...

 

[IInuyasha74]

There is a very simple way to fix and avoid these problems. DO NOT CONNECT A CAR TO THE INTERNET. Have these engineers never watched Mission Impossible or Battlestar Galactic?

Like the Battlestar reference. Fortunately I don't think we need to worry about the machines becoming self aware until Skylake comes out at the end of the year.

 

[ko888]

Chrysler discovered a rather problematic security flaw in several of its vehicles

I don't think Chrysler discovered the problem.

Charlie Miller and Chris Valasek demonstrated a zero-day exploit that forced Chrysler to act.

http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

 

[InvalidError]

Did the patch really disable the ability to remotely control vehicle features or just remove/replace a known method of gaining access?

This is going to be fun with drive-by-wire vehicles where even the throttle body (if present) is controlled by software.

 

[mrmez]

Does this signal the age of regular security updates for cars?

You get to work and can't use your PC for 10 minutes because Windows has to download and install updates.

Now you can't start your car if you haven't installed critical security updates.

 

[InvalidError]

Now you can't start your car if you haven't installed critical security updates.

And after 10 years, the vendor drops support for your car's software and hardware, so you have to buy a whole new car or face the increased security risk, possibly with increased insurance premium for running on obsolete software.

 

[IInuyasha74]

Honestly, as much as I like tech, I'd honestly prefer that my car not have an advanced enough computer system inside of it that it needs security updates.

 

[falchard]

Don't affect me and my 2015 Chrysler 200, because I could not afford the Wifi Internet service and thinks Sprint sucks in my area.

 

[rantoc]

Most likely due to cost savings the cars main electronics and "gadgets" are not separated allowing this. How come to the so called "geniuses" can't predict this is just the beginning if the slippery slope they take by playing with peoples safety like that? Its beyond me! The responsible should be fired before something worse will happen, a car shut down is bad - What happens when the hackers choose to go after say the steering servo?

 

[zodiacfml]

I agree. Someone should get fired for this. It should be impossible for a remote control of a vehicle or it might be a backdoor created by Chrysler.

Most likely due to cost savings the cars main electronics and "gadgets" are not separated allowing this. How come to the so called "geniuses" can't predict this is just the beginning if the slippery slope they take by playing with peoples safety like that? Its beyond me! The responsible should be fired before something worse will happen, a car shut down is bad - What happens when the hackers choose to go after say the steering servo?

 

[InvalidError]

Most likely due to cost savings the cars main electronics and "gadgets" are not separated allowing this.

I am pretty much certain that the safety-critical and hard real-time requirements of critical automotive subsystems guarantee that they require dedicated processors. The problem is that all of those things are networked together and it seems like Chrysler did not properly "firewall" critical systems from the entertainment stuff.

I can imagine how this may translate into regulations requiring a dedicated firewall chip between CAN/OBDII and non-critical systems to ensure the entertainment and other subsystems cannot access any critical systems in any way they are not intended to.

 

[USAFRet]

So these guys got this working in June, and now a couple of weeks later Chrysler has a magical fix?
Why was this not caught in design and testing? Years ago...

Thank goodness for my '97 F-150.

 

[captaincharisma]

falchard, you really think just by not subbing to the internet service that would prevent anyone hacking in? you really don't know anything about tech do you?

 

[Dyseman]

I think the backdoor was done purposefully for law enforcement to stop chases. Kill switch to hamper thieves. And are claiming BUG now that someone else has learned to tap into it.

 

[hoofhearted]

Shutdown American cars in the thousands with with an exploit to the late-payment-safeguard ... I am sure the terrorists are not avidly studying this.

 

[amdfangirl]

Like the Battlestar reference. Fortunately I don't think we need to worry about the machines becoming self aware until Skylake comes out at the end of the year.

Skylake, Skynet same thing.

 

[hst101rox]

Cannonlake is when it turns on the humans. Kaboom!

 

[sharpless78]

So these guys got this working in June, and now a couple of weeks later Chrysler has a magical fix?
Why was this not caught in design and testing? Years ago...

Thank goodness for my '97 F-150.

Why? Because car manufacturers are not used to think about security.

 

[USAFRet]

So these guys got this working in June, and now a couple of weeks later Chrysler has a magical fix?
Why was this not caught in design and testing? Years ago...

Thank goodness for my '97 F-150.

Why? Because car manufacturers are not used to think about security.

"car manufacturers" don't make the software. Programmers do.

 

[randomizer]

I can imagine how this may translate into regulations requiring a dedicated firewall chip between CAN/OBDII and non-critical systems to ensure the entertainment and other subsystems cannot access any critical systems in any way they are not intended to.

They shouldn't even be physically connected. No need for another potential source of vulnerabilities if there is no way to reach critical systems from your DVD player.

 

[SoiledBottom]

Cars hooked up to the internet is for tracking.

 

[InvalidError]

They shouldn't even be physically connected.

In an ideal maximum security scenario, sure.

But some people want computerized instrument clusters with graphics LCD/OLED displays instead of electromechanical gauges for the convenience of having all of their car's controls and status displays from engine RPM to GPS, the currently selected FM station and rear view camera all in one place.

And then you also have some of the newer cars that use cameras, GPS, ultrasound, radar and other systems for assisted or automatic parking, active collision avoidance, cruise control, etc. that tie into brake, steering, throttle control, etc.

"Interesting" things are going to happen.

 

[capt_taco]

When you reach a situation where security updates are necessary FOR A CAR, you've officially gone overboard with "connected" technology. Until you are actually building a self-driving car, anything having to do with the core components - engine, transmission, steering, gas/brake - has no reason to be connected to the Internet. Those parts worked fine without any computer assistance for 100 years, and with non-connected computers for the last 20. If you want to prevent an attack, physical isolation is the only 100% sure way to do it, and on a car, there is no reason why it should not be.