Chrysler's Uconnect Vulnerability Can Lead to Steering Wheel Hijack
FREMONT, CA: A team of two researchers revealed the vulnerability of Chrysler vehicles to cyber attacks, reports Andy Greenberg for Wired who was a part of the vulnerability test.
Uconnect is an Internet-connected computer feature present in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks. It controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. By using Uconnect, anyone who knows the car’s IP address can access all its information from anywhere, reported Jason for Jalopnik.
To remotely hack Jeep Cheroke, the researchers used the Uconnect system as a gateway into the car to gain access to the Jeep’s infotainment system headunit. On reaching the headunit, they re-wrote it and got access to the entire CAN bus of the car essentially, the car’s nervous system. They used the access to do stuffs, like control of the wipers, brakes, throttle and even some limited control of the steering.
“That’s how they were able to wirelessly disconnect the Jeep’s engine with me behind the wheel, and later disable the brakes to send me rolling into a ditch,” reported Greenberg.
With the advancement in technology, more and more cars became connected to the internet that exposes them to hacking and unwanted access. Wireless connectivity has added fuel to this fire by enabling hackers to easily get hold of the vehicle’s infotainment system. The major reason for Chrysler being vulnerable to hacking is the inherent flaw in its wireless service Uconnect that connects their cars to the Sprint cellphone network.
The two researchers have shared their findings with Chrysler before they published their report, giving Chrysler the chance to better vehicle security. They have been working with Chrysler for the last nine months to help the company create the patch it discreetly. The researchers have reported that the Chrysler models dated from late 2013 to early 2015 that are loaded with Uconnect and the full navigation displays are mostly vulnerable.
Chrysler released a software update for a collection of its vehicles that have an internet-connected computer feature in their dashboard known as Uconnect. The carmaker posted a notice on its website informing its customers about a “software update to improve vehicle electronic security,” reported Wired.
By John Kamin, EVP and CIO, Old National Bancorp
By Gregg T. Martin, VP & CIO, Arnot Health
By Dave Doyle, CIO & SVP, IT, Regal Entertainment Group
By Sergey Cherkasov, CIO, PhosAgro
By Adrian Mebane, VP-Global Ethics & Compliance, The Hershey...
By Mike Fitton, Wireless Business Unit Director, Altera
By Jim Kaskade, VP and GM, Big Data & Analytics, CSC
By Thomas Musgrave, EVP & CIO, AmeriCold Logistics
By Vin Sharma, Director, Strategic Planning & Marketing, Big...
By Federico Flórez, Chief Information & Innovation Officer,...
By Barbara Adams, VP, Innovative Technology Solutions, Texas...
By John Mason, CIO, Bottomline Technologies
By Jamshid Khazenie, CTO, USA Today Network / Gannett
By Miguel Gamino, CIO & Executive Director-Department of...
By Bill Schimikowski, VP, Customer Experience, Fidelity...
By Tom Bressie, Vice President, Oracle Cloud
By John Landwehr, Public Sector CTO, Adobe
By Aaron Gette, CIO, The Bay Club Company
By Denise Zabawski, CIO, Nationwide Children's Hospital
By Amit Bahree, Executive, Global Technology and Innovation,...