Originally published August 26 2015
Fiat-Chrysler recalls 1.4 MILLION vehicles after hackers expose them as deadly remote-controlled weapons
by David Gutierrez, staff writer
(NaturalNews) In an unprecedented security recall, Fiat-Chrysler has revealed that 1.4 million of its internet-enabled vehicles can be taken over and remotely operated by hackers. The security vulnerability was recently broken by a story in Wired Magazine that showed that a "zero-day exploit" hack (taking over a vehicle simply by knowing its IP address) was more than just a theoretical possibility.
In the article, Wired journalist Andy Greenberg drove a Jeep while hackers Charlie Miller and Chris Valasek took over the car a little bit at a time. Greenberg notes that as far back as 2013, Miller and Valasek successfully hacked a Toyota Prius from the back seat while he drove. In that incident, however, they had to physically plug into the car's onboard diagnostic port to do so.
"A mere two years later, that carjacking has gone wireless," Greenberg writes.
Surveillance and sabotageA zero-day exploit is now possible because in the past few years, auto makers have been hard at work making "smart" cars to go along with people's "smart phones." Many cars now feature internet connections through features such as Chrysler's UConnect, which even includes a mobile Wi-Fi hotspot. The only problem is that the computer that enables users to connect to the Internet is the same computer that controls everything from the car's entertainment system to its climate to its steering and brakes.
Greenberg recounts how the hackers took control of his air conditioner, changed his radio station and volume, and caused his screen to display their photos. They then disabled his brakes and turned off his transmission. Miller and Valasek say that they are also able to control the vehicle's steering (although only when it is in reverse, so far), and hijack its GPS system to track the vehicle and even map its progress in real time.
After the publication of the Wired story, Chrysler -- which had actually been in contact with Miller and Valasek for months -- issued a press release admitting the security flaw in certain Jeeps, Rams, Dodges and Chryslers. The company urged anyone with such a vehicle to bring it in for a security upgrade; the patch can also be installed via USB drive. Customers can enter their Vehicle Identification Number (VIN) at http://www.driveuconnect.com/software-update/ to find out if their car is affected.
Turning up the heat on auto makersWhen interviewed by Wired, Chrysler expressed annoyance at Miller and Valasek's plans to publicize some of the code they used to hack the Jeep. The company claims that this might place people's safety at risk.
Miller and Valasek take the opposite position, saying that sharing the information with other programmers will help strengthen security in the long run. Perhaps even more importantly, releasing the code pressures car makers to tighten up their security holes more quickly.
"If consumers don't realize this is an issue, they should, and they should start complaining to carmakers," Miller said. "This might be the kind of software bug most likely to kill someone."
As far back as 2011, researcher from University of Washington and the University of California-San Diego (UCSD) were able to remotely disable the brakes on a sedan, but they chose not to publicize the code they used. Instead, they conferred privately with the car maker.
However, that incident did not lead to any noticeable progress in wireless auto security. Miller and Valasek's approach is designed to turn up the heat on auto makers.
"The regulators and the industry can no longer count on the idea that exploit code won't be in the wild," said UCSD researcher Stefan Savage, who worked on the 2011 study. "They've been thinking it wasn't an imminent danger you needed to deal with. That implicit assumption is now dead."
Zero-day hacks are not just a problem for Chryslers or automobiles in general. Similar techniques have demonstrated the potential to hack into boats, planes, smart homes, drones and even GPS-targeted munitions.
Sources for this article include:
All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing LLC takes sole responsibility for all content. Truth Publishing sells no hard products and earns no money from the recommendation of products. NaturalNews.com is presented for educational and commentary purposes only and should not be construed as professional advice from any licensed practitioner. Truth Publishing assumes no responsibility for the use or misuse of this material. For the full terms of usage of this material, visit www.NaturalNews.com/terms.shtml