Chrysler Issues Security Update To Prevent Remote Control Of Vehicles

[Mysteoa]

I agree. Someone should get fired for this. It should be impossible for a remote control of a vehicle or it might be a backdoor created by Chrysler.

Car manufactures don't care about digital security in cars. The exploit was reviled to them before it went public and they sit on there butts and did noting until was realest. How many people that follow the news will not buy their cars anymore?

 

[jalek]

Anything that can be accessed remotely can be hacked. Someday the old men of government will learn this, maybe after they're replaced.

 

[Blueberries]

Anything that can be accessed remotely can be hacked. Someday the old men of government will learn this, maybe after they're replaced.

...and what can't can be bugged! Today there are bugs the size of stickers that have radio transmitters capable of transmitting data 3 miles away...shoved inside a USB port or something where you'll never notice it.

There are government agencies that want things to be hackable, so that they can do it at their free will. "Prove that you can remotely control this car for us so we can put our own backdoor into the production line."

 

[chicofehr]

You can't hack my 97 jeep. New isn't always better. I prefer to keep computers out of my cars. I'll be only one not having it taken over by digital terrorists. Getting a car computer hacked is much more dangerous then getting your pc or phone hacked.

 

[chicofehr]

I wonder if we will get to the point where the car is required to be online to drive. If you lose the connection then the car stops.

 

[Blueberries]

I wonder if we will get to the point where the car is required to be online to drive. If you lose the connection then the car stops.

They would have to pass legislation to make older engines that aren't equipped with modern electronic equipment illegal.

Oh wait....they are doing that!

 

[targetdrone]

I wonder if we will get to the point where the car is required to be online to drive. If you lose the connection then the car stops.

Don't Teslas get bricked if it can't phone home?

 

[Blueberries]

I honestly wouldn't be surprised if the NSA had a way to remotely control civilian planes.

 

[mrmez]

It's really such a pity to hear comments like "I prefer to keep computers out of my car", just because of one companies piss poor effort.

Seriously, how easy is if for Chrysler to put up a $10,000 prize for anyone who can hack their system, BEFORE they put cars on the road.

We shouldn't have to shun technology because a bunch of * don't know what to do.

And why aren't you Americans suing the pants off them?

 

[alidan]

I think the backdoor was done purposefully for law enforcement to stop chases. Kill switch to hamper thieves. And are claiming BUG now that someone else has learned to tap into it.

if you want to get really paranoid, they also had control of the steering wheel when the car was in reverse, and i remember a few years back when Michael Hastings died, he told his co workers he was onto something big and not talk to anyone about it, that night his car was wrapped around a tree apparently going as fast it could, and shortly after ex people in security said that we could and have used cars like this to kill people.

it doesnt sound like an exploit, more so a backdoor that was found and likely now just moved.

 

[falchard]

falchard, you really think just by not subbing to the internet service that would prevent anyone hacking in? you really don't know anything about tech do you?

... yes. The way this works is by having an IP address through the Sprint Network. My vehicle doesn't even have that bit of hardware that allows it to connect to a cell tower. Its like me claiming to hack into a wireless router when there isn't any power going to it.

Also its not just a UConnect issue. Other infotainment systems with wireless hot spot capability also have this issue. They were just able to deal with the issues in a more discrete manner or not tell their customer about these issues. Pretty much anything with an IP address and has networked access to your vehicles CAN-BUS can be hacked in a similar way.

It's true vehicle engineers don't care about securing an infotainment system. They just care about if an infotainment system will fit in their vehicle and meet their specifications. Infotainment systems are outsourced to other companies, like in this case UConnect that sources to Fiat Chrysler Autos and Volkswagen. Its up to UConnect to secure their system since they can be dropped as a supplier. Its also not something difficult to secure depending on the securities you want on a vehicle.

 

[InvalidError]

Its up to UConnect to secure their system since they can be dropped as a supplier. Its also not something difficult to secure depending on the securities you want on a vehicle.

I would say it is up to the car manufacturer/designer to firewall their critical system against the infotainment system to prevent it from accessing things in ways it is not supposed to be able to. UConnect still needs to fix their crap to prevent cyber-assaults such as hackers having a field day by setting the audio system volume to 10, disable power-off, randomly changing audio tracks or inserting some of their own, hijacking whatever systems the infotainment system can, replacing virtual dashboard instruments with embarrassing pictures, etc. but at least it would require a double-layered security flaw for hackers to affect systems which may directly affect the vehicle's physical driveability and safety.

For the rest, I think the infotainment system needs a kill-switch: a physical disconnect to kill it off when the driver suspects it may have been compromised so he can at least get to his destination without getting bombarded by random BS distractions and get the vehicle to the dealer for a reset in case the hacker modified firmware.

 

[hst101rox]

I wonder if we will get to the point where the car is required to be online to drive. If you lose the connection then the car stops.

They would have to pass legislation to make older engines that aren't equipped with modern electronic equipment illegal.

Oh wait....they are doing that!

They are?

 

[captaincharisma]

falchard, you really think just by not subbing to the internet service that would prevent anyone hacking in? you really don't know anything about tech do you?

... yes. The way this works is by having an IP address through the Sprint Network. My vehicle doesn't even have that bit of hardware that allows it to connect to a cell tower. Its like me claiming to hack into a wireless router when there isn't any power going to it.

as long as the car has the feature there is always a way to get access to it. this is why hackers have it easy because people always think in black and white.