Hacked Jeep Cherokee exposes weak underbelly of high-tech cars
The Jeep Cherokee brought to a halt by hackers last week exposed wireless networks as the weakest link in high-tech vehicles, underscoring the need to find fast over-the-air fixes to block malicious intrusions.
Features that buyers now expect in most modern automobiles, such as driving directions and restaurant guides, count on a constant connection to a telecommunications network. But that link also makes cars vulnerable to security invasions like those that threaten computers in homes and businesses.
"The Jeep case was a great example of how it's not about the vehicle itself, but the network," said Thilo Koslowski, an automotive-technology analyst at Gartner Inc. "Once these systems are connected to the outside and start to talking to each other, that's when the problems start."
The hack forced Fiat Chrysler Automobiles to recall 1.4 million vehicles and ask Sprint Corp. to issue a temporary fix over its network. In that controlled demonstration, two security experts accessed the Jeep's Uconnect infotainment system via Sprint's network, hijacking basic functions and stopping the vehicle from miles away. The duo are scheduled to show their feat again at the Black Hat USA 2015 hackers conference, which starts Saturday.
While previous hacking demonstrations took place with a direct cable link into cars' diagnostics ports, the over-the- airwaves hack by Charlie Miller and Chris Valasek, conducted for Wired magazine, required no physical access to the Jeep to shut it down.
Miller and Valasek informed Chrysler of the flaws they exploited, giving engineers time to make fixes. When they discuss the car hack again at Black Hat on Aug. 5 in Las Vegas, security professionals will get a look at the duo's discoveries, while automakers and telecom companies will get a peek into a possibly unpleasant future.
After the initial hack, Sprint pushed out a network-level fix to block this specific attack, although the researchers said they could still access the Jeep in different ways, leaving open the possibility for other attacks. Fiat Chrysler said it's not aware of any real-world unauthorized remote hacks into any of its automobiles.
General Motors has a team working on cybersecurity and has hired Harris Corp.'s Exelis and other firms to develop anti-hacking systems, according to Mark Reuss, the Detroit automaker's executive vice president for global product development. GM has also worked with the U.S. military and with Boeing on securing systems, he said.
Stories that may interest you
Mountain Pass is the only mine in the United States that harvests rare-earth elements, the raw ingredients used to produce high-tech products such as smartphones, wind turbines, electric vehicles and fighter jets.
President Donald Trump's unpredictable trade moves are making some small businesses increasingly uncertain about foreign trade
State coming to aid of former patients of InHealth Connecticut, which recently closed doctor's offices in Mystic, Norwich and Willimantic.