Hackers Demonstrate How Easy It Is To Hack Into A Car From Miles Away
Last week, I suggested that car manufacturers needed a “Patch Tuesday” to ensure that the driving public is safe(er) because of some high profile recalls due to software bugs that were safety related. I didn’t address security and given this video from Wired Magazine, I perhaps should have. In short, a couple of security experts have shown how easy it is to hack into a car from miles away. In this case a Jeep Cherokee via the Uconnect system in the car. What they managed to do should scare you. But I won’t spoil the surprise. Watch this video to see what they did:
As you can see, they were able to control, steering, brakes and the engine among other things.
Here’s why it should scare you:
- Software companies for the most part are used to responding to people finding security holes in their software. But this is a new concept to car companies.
- Car companies are also not used to hunting for these sorts of bugs. Thus it is likely all sorts of vulnerabilities like this exist. Which means that it is likely that in the era of the connected car that any car can be pwned.
- Let’s pretend for a second that car companies are able to respond to issues like these. How do they get patches to end users? Tesla does over the air updates. But no other car company comes close.
Now the people who found these holes in Uconnect reported these holes to Chrysler and gave them time to fix their issues via a software update which you can likely find here (have your VIN number handy). But the only people who will know to upgrade their Uconnect systems are those who are aware of this issue. That’s why the “Patch Tuesday” article that I wrote is so timely. The car industry needs to get something like this out to drivers quickly given the scope of the issue. There’s also one other issue. Someone with less honorable intentions could cause a lot of mayhem via exploits like this. Thus one wonders what the car industry is doing to protect drivers. That’s something that I really would like to know and the car industry needs to articulate that sooner rather than later.
July 22, 2015 at 4:38 pm
Wow, this is pretty scary. Kind of makes you wonder if the advantage of a connected car is worth the risks of having it hacked. Let’s hope the car manufacturers get on fixing bugs like this ASAP.
April 25, 2017 at 3:56 pm
[…] this report isn’t that bad in the grand scheme of things. As evidence, I will present to you the Jeep hack which hackers as a proof of concept took complete control of the vehicle remotely via the Internet […]
May 2, 2018 at 12:17 pm
[…] the Jeep hack were a security researcher pwned a Jeep remotely to the point they could control it, which in turn […]
January 12, 2023 at 8:50 am
[…] is going to happen to car owners. The best example of this that I can think of is when researchers took control of a Jeep remotely and was able to gain complete control of the car. That led to a recall to fix this along with a […]
August 12, 2023 at 4:48 pm
[…] by hackers. Fiat/Chrysler who is now known as Stellantis found that out a few years ago where some white hat hackers demonstrated that these cars can be fully taken over remotely. Which in turn led to a huge […]