Not too long ago, securing a vehicle from anyone meant removing the faceplate off your CD player, attaching a Club over the steering wheel, and locking all of your doors. But times and vehicle technology have changed. As most modern vehicles are increasingly built for online connectivity using the latest’s high tech onboard GPS navigation and entertainment systems cyber thieves just recently exposed the scary truth that our Internet-connected vehicles are now just as susceptible to malicious hacking as our household computers are.
If you think you are safe driving your Internet-friendly high tech new vehicle, think twice! A security report has just surfaced stating that in a controlled test a pair of veteran cybersecurity researchers, one of which I may add a former staffer at the NSA, successfully showed that they could manipulate and hack into one of Fiat Chrysler’s Grand Cherokee models while sitting on their couch using just a laptop and a mobile phone.
To do this the researchers were able to take control of the vehicle by hacking into the Internet connected on-board touch screen entertainment system. Chrysler now offers a dashboard system called ‘uConnect’ as an option of some of their new models, though it looks like this they’ve offered this technology since late 2013. The Uconnect system offers a hands-free way to access your GPS, entertainment, phone, and navigation, while at the same time providing Wi-Fi for anyone in the vehicle. Uconnect even offers mobile apps you can use to lock and unlock your vehicle as well. You can find out more about this type of technology at their website located at www.driveuconnect.com.
Because the Uconnect system maintains a constant connection to the Internet, the researchers were able to determine the Jeep’s Internet address, hack in and send their own commands through the Jeep’s entertainment system to its dashboard functions, gaining control of the steering, brakes, and transmission. Again, all of this done from their couch with just a laptop and cell phone while the Jeep was kilometres away driving down the highway.
Based on their released data and results, these two researchers were able to control the radio, air conditioning, windshield wipers, and manipulate the picture on the on-board dash display. Also, they were able to track the Jeep’s GPS coordinates, measure its speed, but most importantly, they were able to disable the Jeep’s breaks and engine leaving the person behind the wheel frantically pumping the pedal of this 2-ton SUV as it slid uncontrollably into a ditch. Again, all of this done from the convenience of their couch using a cell phone, as the connection point to the Internet, and a laptop, as their hacking tool.
Chrysler announced a voluntary recall of 1.4 million cars and trucks, which includes Dodge, Jeep and Ram vehicles, due to concerns they are vulnerable to hacking. They are also issuing a software fix that can be downloaded onto a thumb drive and manually installed or they will do this update for you if you bring in the vehicle. One thing to note here, this does not include any Canadian Chrysler vehicles as of yet. So, I’m unsure if they are affected or not.
So, if history repeats itself, and it usually does, every time new technology emerges, there’s normally a general rush by car manufactures to include some aspect of it in their vehicles in order get consumers excited and ultimately sell more cars. In this case the new and attractive tech is the uConnect system and with its dedicated connection to the Internet.
Unfortunately though, most manufactures do a very poor job implementing security for vehicle technology providing little or no security measures such as basic firewalls, sender verification checks, or even anti-virus; much akin to computers in the 1990’s really. It is obvious that car manufacturers really need to pay more attention to privacy and security if they want to include the newest technology in their cars because it could mean life or death for the driver.
