Hack­ers send wake-up call

Car builders re­spond fast to re­mote ve­hi­cle take-over

The Witness - Wheels - - FRONT PAGE - AL­WYN VILJOEN

FIAT Chrysler Au­to­mo­biles (FCA) this week re­sponded to an ar­ti­cle in Wired

Mag­a­zine that re­ported how two leg­endary hack­ers took over a Jeep Cherokee while it was driv­ing, and then pretty much did what they wanted with the big ute, in­clud­ing stalling it in front of a speed­ing truck.

Two things need to be noted about this news — it took leg­endary hack­ers Char­lie Miller and Chris Valasek years of study­ing sys­tems to get to the point where they could hack into cars re­motely; and both are con­sult­ing to the automotive in­dus­try to close the se­cu­rity loop­holes they find.

FCA re­as­sured driv­ers in South Africa the loop­hole in this case, a cel­lu­lar mo­dem em­bed­ded in the cars, is not avail­able in Fi­ats, Jeeps or Chryslers sold out­side of the U.S., since in­ter­na­tional mar­kets are cur­rently not of­fer­ing the same con­nec­tiv­ity fea­tures as the U.S. mar­ket ve­hi­cles. The au­tomaker said in a state­ment: “FCA has a ded­i­cated team from Sys­tem Qual­ity En­gi­neer­ing fo­cused on iden­ti­fy­ing and im­ple­ment­ing soft­ware best prac­tices across the com­pany glob­ally. The team’s re­spon­si­bil­i­ties in­clude de­vel­op­ment and im­ple­men­ta­tion of cy­ber-se­cu­rity stan­dards for all ve­hi­cle con­tent, in­clud­ing on-board and re­mote ser­vices.”

The group has al­ready made avail­able a patch to close the loop, which more than 150 000 own­ers in the U.S. can ac­ti­vate ei­ther at a dealer or by in­sert­ing a USB drive into their au­dio sys­tems. Cadil­lac and In­fin­ity, which have the same vul­ner­a­bil­ity, ac­cord­ing to the hack­ers, have not yet made public their re­ac­tion.

Both Miller and Valasek are based in Mis­souri, and the pair chal­lenged their usual vic­tim, Wired re­porter Andy Green­berg to sub­mit to another hack­ing test in a car. In 2013, they ca­bled up to a Ford Es­cape and a Toy­ota Prius and dis­abled brakes, ac­ti­vated the hooter, the pre­ten­sioner on the seat belt and the elec­tric steer­ing wheel mo­tor.

But back then they needed to plug into the ve­hi­cles’ on­board di­ag­nos­tic port to hack these sys­tems and the car in­dus­try largely ig­nored their warn­ing.

Two years later, “car­jack­ing has gone wire­less”, wrote Green­berg, ex­plain­ing the hack­ers have now sent out a wake-up call to the in­dus­try by show­ing how they can find and take over any Chrysler car with Ucon­nect any­where in the U.S.

With Green­berg, the hack­ers first turned on the cold air, then they turned the vol­ume up full, play­ing Kanye West through the stereo and fi­nally they flashed up a pic­ture of them­selves on the car’s con­sole and set the wind­screen wipers go­ing full blast, squirt­ing clean­ing fluid onto the wind­screen to make it dif­fi­cult to see.

Green­berg thought the photo was a nice touch, but was left feel­ing pow­er­less by all the other tricks, which it turned out were just the warm-up for the main event. The hack­ers next turned off the en­gine, leav­ing Green­berg coast­ing slower and slower on a busy free­way as a big truck raced up be­hind him.

Green­berg fi­nally steered the car onto the shoul­der of the high­way, only to find he had no brakes as he help­lessly slid the two-ton Jeep into a ditch.

The pair have since showed FCA how to close the dig­i­tal loop­hole, but they can still track cars with­out us­ing the patch through on-board GPS, plot­ting on a map in real time just like they do in any Bond movie.

Since the ar­ti­cle ap­peared last week in Wired, the U.S. Se­nate set new dig­i­tal se­cu­rity stan­dards for cars and trucks.

The se­nate stated it was not in re­sponse to the hack­ers’ wake-up call, but as part of a gen­eral ef­fort to en­sure stan­dards of dig­i­tal safety and pri­vacy of cars within the next five years.


A jour­nal­ist ended up coast­ing into a ditch af­ter hack­ers Char­lie Miller and Chris Valasek showed how they could take over any ve­hi­cle with a GPS link.

Newspapers in English

Newspapers from South Africa

© PressReader. All rights reserved.