Jeep hacked while on highway.

[enigma-2]

Oh great. Now we have to have a firewall for our car's head unit.

 

Just seen on CNN, where a Jeep was hacked while driving on the freeway. Two guys spent three years expirmenting on connecting to a car through the Internet. Were able to turn on the radio and wipers and kill the ignition.

 

Apparently Chrysler was in the loop and will develop a patch to the car's code to prevent others from using this method.

 

Article in the 07/21/2015 Wired Magazine (Google "wired.com", lead story.) Can control brakes, transmission, radio, heater, a/c, steering, etc. Fun stuff.

Edited July 22, 2015 by enigma-2

[akirby]

You shouldn't add an internet connection to the infotainment system without a firewall and/or vpn connection and other security measures.

 

It also appears that CANBUS is not a very secure protocol and is easily hacked once you get access to it. This wasn't a problem before wi-fi and bluetooth since you had to physically plug into the vehicle.

 

This is what happens when car people try to do networking. This is IT 101 stuff.

[RJG]

I believe it was also reported they had access to the car before it went on the road. I'm not concerned about this.

[akirby]

I believe it was also reported they had access to the car before it went on the road. I'm not concerned about this.

 

They only needed the direct connection to a sample vehicle to crack the CANBUS protocols and figure out the controls. Once they do that they can access any vehicle via the internet.

 

 

Sitting on a leather couch in Miller’s living room as a summer storm thunders outside, the two researchers scan the Internet for victims.

Uconnect computers are linked to the Internet by Sprint’s cellular network, and only other Sprint devices can talk to them. So Miller has a cheap Kyocera Android phone connected to his battered MacBook. He’s using the burner phone as a Wi-Fi hot spot, scouring for targets using its thin 3G bandwidth.

A set of GPS coordinates, along with a vehicle identification number, make, model, and IP address, appears on the laptop screen. It’s a Dodge Ram. Miller plugs its GPS coordinates into Google Maps to reveal that it’s cruising down a highway in Texarkana, Texas. He keeps scanning, and the next vehicle to appear on his screen is a Jeep Cherokee driving around a highway cloverleaf between San Diego and Anaheim, California. Then he locates a Dodge Durango, moving along a rural road somewhere in the Upper Peninsula of Michigan. When I ask him to keep scanning, he hesitates. Seeing the actual, mapped locations of these unwitting strangers’ vehicles—and knowing that each one is vulnerable to their remote attack—unsettles him.

[kkreit01]

This can happen to any FCA vehicle with UConnect. It could easily happen to our Durango as well. Probably could also happen to any GM OnStar vehicle.

[enigma-2]

This can happen to any FCA vehicle with UConnect. It could easily happen to our Durango as well. Probably could also happen to any GM OnStar vehicle.

Actually, they stated that any car that can connect to the Internet through the phone is vulnerable. Chrysler engineering worked with them and verified the concept. Hope some irresponsible idiot doesnt figure it out and make it public.