Jeep Software Flaw Gives Hackers Total Control

If you drive a Jeep, beware of hackers. There is a security flaw in the JeepEUs CherokeeEUs Uconnect vehicle-connectivity system. Two white hat hackers -- Charlie Miller and Chris Valasek -- tapped into the flaw while a reporter drove the vehicle down the highway.

The hackers successfully -- and remotely -- turned up the radio as loud as it would go and turned on the windshield wipers. If that seems fairly benign, wait until you hear this: They also cut off the transmission and disconnected the brakes. The Jeep ended up in a ditch.

It took a year for Miller and Valasek to figure out a way to exploit the vulnerability. The duo will share how they did it at the Black Hat security conference in Las Vegas in August, but the short story is the flaw allowed them to inject malware into the system for remote control. Fiat Chrysler issued a software patch for the flaw last week.

Shocked and Dismayed

We caught up with Andrew Conway, research analyst at intelligent network security firm Cloudmark, to get his reaction to the Jeep hack. He told us he was shocked to discover two months ago that the entertainment systems on some airliners were on the same networks as their flight control systems.

There is no justification for passengers to have access to ports that could potentially give them the ability to control the engine or steering, Conway said. Now, heEUs even more shocked to discover that major car manufacturers apparently think itEUs acceptable to have the brakes, steering, and transmission of an automobile controlled by a network that is also connected to the Internet.

EUThere are lots of good reasons to connect a car to the Internet -- navigation, entertainment, phone calls, weather forecasts -- but there are no good reasons to...

Comments are closed.