How worried should I be about my new car that has Wi-Fi getting hacked?
This question was answered on July 22, 2015. Much of the information contained herein may have changed since posting.
The security industry has been warning car manufacturers about the growing dangers of adding customer convenience technology without a strong focus on security.
The race to have all the coolest features could put customers at risk and now two prominent security researchers have unequivocally proven it.
Their previous ‘proof of concept’ hacks in 2013 required physical access to the vehicle, which caused the auto industry to shrug it off as not likely to happen.
This caused the security experts to focus on newer cars that included Internet connectivity, which they found to be much more exposed.
Car Hacking Just Got Real
A recent Wired article (Hackers Remotely Kill a Jeep on the Highway—With Me in It http://goo.gl/70rMzF) showed just how vulnerable cars equipped with the Uconnect technology are to being remotely hacked.
Unlike previous demonstrations that required the hackers to be in the back seat, they showed how a computer in the basement of a house 10 miles away could wreak havoc on a Jeep Cherokee driving on a St. Louis freeway.
They were able to remotely control everything from the climate control system to the windshield wipers and entertainment system before showing the really disconcerting part of the hack.
They were able to cut the transmission so that the car no longer could accelerate and even worse, cut the Jeep’s brakes and make minor steering hacks, which caused the test car to slide into a ditch.
Another thing the researchers showed was that they could track the vehicle using GPS coordinates, so privacy issues are also in play.
They’ve been working with Chrysler for the past 9 months to fix the vulnerability, which has resulted in a patch.
What You Should Do To Protect Your Vehicle
Anyone owning a Jeep/Chrysler/Dodge/Fiat vehicle with the Uconnect system should immediately check to see if their vehicle needs the security update by entering their 17 digit VIN at https://www.driveuconnect.com/software-update
If an update is available, users can manually protect themselves by downloading the fix to a USB drive or take it to the dealer for a free update. (Customers with questions can call 877-855-8400.)
It’s extremely important that everyone at risk protect their vehicles immediately because the researchers plan to unveil the technical details of how they did it at the upcoming Black Hat hacker conference in early August.
Their reason for sharing their research is for peer review and more importantly, to make sure that the entire automotive industry takes them serious this time.
Most and Least Hackable Cars
They’ve also compiled a 94-page report showing many other vehicles that are at risk with the most hackable being the 2014 Jeep Cherokee, 2015 Cadillac Escalade and 2014 Infiniti Q50.
They also said that the least hackable cars were the 2014 Dodge Viper, 2014 Audi A8 and the 2014 Honda Accord so the issue is not specific to any one car manufacturer.
Anyone with technology that wirelessly connects their car to the Internet should start routinely monitoring security updates from car manufacturer’s websites.
About the author
Posted by Ken Colburn of Data Doctors on July 22, 2015