It sounds like the problem straight out of science-fiction movie, but the threat has never been so real. Two hacker Charlie Miller and Chris Valasek, managed to remotely take control of the Jeep Cherokee. Controlled air conditioning, radio, wipers, cut off the ignition while driving on the highway, suddenly joined, and then completely de-activated brakes, changed gears, and even performed maneuvers. All this is done on a laptop. To this can also track the exact location and speed of a moving vehicle on the other side of the United States.
susceptible models is, however, much more, and not just the production of Chrysler. Currently on the road in the United States alone could be 471,000 cars vulnerable to remote attacks. This is not a problem that may arise in the future, but something that has to happen.
What and how?
Miller Valasek deal security for many years. In 2013, they became famous for taking control of the Ford Escape and Toyota Prius (turned off the brakes, took control of the wheel, manipulated the safety belt pretensioners), but then a lot of people marginalized the their achievement, because it requires the connection of the cable car system diagnostics. This time, however, you can launch remotely attack, while even thousands of kilometers away from the goal.
Such an attack is possible thanks to new audio systems mounted in cars. For many years, cars are full of electronics, but they recently began to add Bluetooth antenna, Wi-Fi connectivity and even connect to the Internet over the cellular network. In the case of the Jeep Cherokee Miller and Valasek they used the factory-fitted system Uconnect , which controls the radio, air conditioning, combined with our mobile, giving access to navigation, and also turns the entire vehicle in a Wi-Fi hotspot. It is this latter, available in the United States by Sprint, allows hackers remote access to almost all functions of the car. Hackers connect to the audio system, and it jump to the lower vehicle control function.
Fig. Uconnect
It’s worse than we thought
At first, Miller and Valasek thought that remote access to the car will only be possible in the near distance from the vehicle . First thought that would be needed direct connectivity via Wi-Fi, then speculated that the laptop must be within the same GSM transmitter, until it turned out that just 3G Internet phone on the Sprint network to be able to view a list of vehicles with the Uconnect in the United States and launch an attack.
About what a hacker could do with our car convinced Wired reporter Andy Greenberg, who went Jeep Cherokee on the highway, when Miller and Valasek launched their attack. From a distance of 15 km, using a laptop and a cheap smartphone with Sprint card, first podkręcili air conditioning, then joined and zgłośnili radio (except at the controls in the car), joined the wiper and washer obscuring visibility, then cut off the ignition. As if that was not bad enough, in more controlled conditions also played brakes, including deactivating them or completely, changed gears and even control a car (although for some reason at the moment can only do so in reverse).
The above list should be enough to scare healthy automobile manufacturers and their customers. In the end, we are not talking here about the leakage of private pictures of clouds, but a threat that could cost lives.
What cars can be dangerous?
The truth is that virtually every new car, no matter what brand, may be at risk. Manufacturers are developing new entertainment and communications systems without investing a lot in security. Chrysler, a company that produces Jeeps, after receiving information about the vulnerability has released a patch to your firmware (installation requires a visit to the site or download the software from a USB memory stick). Despite this, and so, to force the company to attach greater importance to security, Miller and Valasek reveal part of the code at this year’s conference Black Hat in Las Vegas.
The World Knows how to remotely take someone’s car. We hope that the producers feel that this is not the distant future, but something is happening here and now.
[For: Wired]
No comments:
Post a Comment