Fiat Chrysler Automobiles is recalling 1.4 million vehicles for a software update, after two expert hackers with experience finding holes in the security of a variety of systems showed that some models could be hacked.
Charlie Miller is a security expert working for Twitter. He’s famous for hacking iPhones and Apple products, finding holes in iOS and Android OS. Chris Valasek is the Director of Vehicle Security Research at IOActive. The two of them teamed up and were able to take control of many of the car’s systems over the internet, thanks to the connectivity provided in the infotainment head unit.
In the video from Wired, the two take over the Chrysler SUV’s brakes, climate controls, display, wipers and more, and even shut down the engine. They can also track the vehicle via GPS. All of this is done over the internet, without ever being near the car.
Fiat Chrysler Automobiles is issuing a security update patch, though they note that they have not seen any instances of hacking beyond this one. They also claim that unauthorized remote manipulation of a vehicle is a criminal act. The vehicles affected are:
• 2013-2015 MY Dodge Viper specialty vehicles
• 2013-2015 Ram 1500, 2500 and 3500 pickups
• 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
• 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
• 2014-2015 Dodge Durango SUVs
• 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
• 2015 Dodge Challenger sports coupes
Chrysler used the Sprint cellular network for the connectivity, and the companies have been working together to take network-level security measures to block attacks like this. Valasek tweeted that he had tested the attack again and that the measures had effectively blocked it.
Fiat Chrysler Automobiles is taking this seriously, and the rest of the industry should as well. V2V communication is becoming necessary and will need to be standardized. Congress is working on the rising car hacking threat: Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.), members of the Commerce, Science and Transportation Committee, introduced legislation that would direct the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to establish federal standards to secure our cars and protect drivers’ privacy. The Security and Privacy in Your Car (SPY Car) Act also establishes a rating system, or “cyber dashboard,” that informs consumers about how well the vehicle protects drivers’ security and privacy beyond those minimum standards.