A pair of computer security researchers based in St. Louis demonstrated weaknesses in an automobile system with cellular connectivity installed in as many as 471,000 vehicles in the US. Charlie Miller and Chris Valasek highlighted the vulnerability of the system by attacking a Jeep Cherokee equipped with the Uconnect system remotely while Wired's Andy Greenberg was driving it.
Uconnect, a "connected car" system sold in a number of vehicles produced by Fiat Chrysler for the US market, uses the Sprint cellular network to connect to the Internet and allows owners to interact with their vehicle over their smartphone—performing tasks like remote engine start, obtaining the location of the vehicle via GPS, and activating anti-theft features. But vulnerabilities in Uconnect, which Fiat Chrysler has issued a patch for, made it possible for an attacker to scan Sprint's cellular network for Uconnect-equipped vehicles, obtaining their location and vehicle identification information. Miller and Valasek demonstrated that they could then attack the systems within the car via the IP address of the vehicle, allowing them to turn the engine of the car off, turn the brakes on or off, remotely activate the windshield wipers, and take control of the vehicle's information display and entertainment system.
Miller and Valasek also found that they could take remote control of the steering of their test vehicle, the aforementioned Jeep Cherokee—but only while it was in reverse.
Read 2 remaining paragraphs | Comments