Own Chrysler? Hackers Can Hack 500,000 Chrysler Cars
Right now Chrysler is under investigation and in upcoming weeks, cyber security researchers are going to reveal information about 0day exploits that are affecting more than half a million cars. Zero day exploits allow hackers to hack a car and take a complete control of vehicles from kilometers away.
Renown security researcher and car hacker Charlie Miller and Chris Valasek have conducted a demo to Wired’s Andy Greenberg. Andy took a ride with Jeep Cherokee while hackers used 0day vulnerabilities to hijack his car. Hackers gained full access to entertainment system and then rewrote the firmware allowing them to send any commends: transmission, brakes, steering, and more. They exploited a vulnerability in Jeep’s Uconnect system which is connected to cellular network.
According to Greenberg:
As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.
Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.
As we are aware Chrysler knows about vulnerabilities in his car systems and even released a patch to Uconnect, however it must be installed via USB or by dealer.
Chrysler reprimanded cyber security researchers for sharing such information, stating that:
Under no circumstances does [Fiat Chrysler Automotive] condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems
You can see a video demonstration here: