NEW YORK (CNNMoney) – A flaw in several Chrysler models enables hackers to control the vehicle remotely via the Internet, which represents a danger without precedents for American drivers.
hackers can cut the brakes, stop the engine, get him off the road and upset all the electronics.
Among the vulnerable to such attacks vehicles are the Jeep Cherokee, Chrysler 200 and Dodge Ram, according to research released Tuesday.
The core problem? A flaw in the Uconnect wireless service that connects these cars to Sprint cellular network.
The researchers Charlie Miller and Chris Valasek first demonstrated magazine Wired how the attack or hacking remotely hijacking a Jeep Cherokee driven by a reporter was performed news.
“At the moment I could do that to each vehicle [Chrysler] in the United States on the Sprint network,” Miller told CNNMoney on Tuesday.
The researchers concluded that vulnerable Chrysler models are those of the end of 2013, all of 2014 and early 2015 leading Uconnect and navigation screens.
But Miller said there may be other vehicles with the same fault that so far unknown. The researchers did not test any vehicle of Ford, General Motors and other brands because they are a small team that lacks the financing to buy cars and the time to penetrate their systems.
Chrysler recognized the problem to CNNMoney on Tuesday. The automaker said it left open a communication channel not used to unwittingly allow external access to vehicle controls. And now it is offering a software update that customers must install “as soon as possible”.
However, Chrysler said that it was a recall or recall , or drivers were running that risk.
“Just like a smartphone or tablet, the automotive software may require upgraded to improve safety protection,” the company said.
Miller and Valasek noted that Chrysler presented their research last October, for the company to develop a solution. Miller said the company was “very friendly and receptive.”
How hack?
Today’s vehicles are like smartphone on wheels, and like any computer, they are vulnerable hackers . As rightly noticed in the past CNNMoney, computers in cars are still fairly rudimentary.
In 2013, Miller and showed how they could Valasek hacking a car while sitting inside. At that time, they had to physically connect a laptop to the dashboard.
But wireless connectivity, now standard on most cars, has raised the risk.
In the last experiment, Miller and Valasek used a laptop to search vehicles on the Sprint network that also had the Uconnect system.
Within seconds, these researchers can get into any “infotainment system” of a vehicle. They can turn the air conditioning up the volume on the radio and change the navigation screen.
Once inside, they can penetrate what was supposed to be a protected layer: the backbone of the car computer. They can control the brakes, the steering wheel and accelerator.
In the past, industry suppliers and automakers had assured CNNMoney that this “crossover” – switching systems to infotainment controls medulares- was impossible.
The researchers cautioned that Sprint, as operator of the network, you can also block this type of attack. Sprint did not say whether he would, but said he was “working with Chrysler to protect their vehicles.”
On Tuesday, two US Senators Edward Markey of Massachusetts and Richard Blumenthal of Connecticut filed a bill to set national standards for safety and privacy for automobiles as well as a rating system that tells you how a car is protected against cyberattacks. They called Security and Privacy in Your Car Act or Act security and privacy in your car.
Next month Valasek Miller and reveal exactly how hack the infotainment system, but not how they kidnapped the controls of the car.
Miller noted that they took them almost a year to achieve, so do not want any rascal idee how. “I’m afraid, one should not be able to remotely attack the cars as we did,” Miller said.
No comments:
Post a Comment