A day doesn’t go by without news of hackers stealing credit card numbers, accessing back accounts, even shutting down websites they don’t like. But surely when driving home in your car you don’t need to worry about such things, right?
You may want to pull over.
At the Black Hat U.S.A 2015 conference recently held in Las Vegas, two white-hat hackers, Charlie Miller and Chris Valasek, announced that they had remotely taken over a Jeep Cherokee when it was on the road in an experiment conducted with Wired magazine.
Miller and Valasek took control of the car through Chrysler’s Uconnect infotainment system, turning on the air conditioning, changing the radio stations, activating the windshield wipers and the washer pump, and finally transmitting a photo of themselves to the digital display in the vehicle. This was all done from a laptop over 10 miles away from the car.
Why Chrysler and the Uconnect system? The pair said they chose that target because it was the most vulnerable. They shared their findings with the company, which allowed Chrysler to develop a patch for the software that addressed the problem. That patch was released a couple weeks ago; customers can download and install the update themselves or take it to the dealer who will do it at no charge.
Baby you can drive my car
In the experiment, once Miller and Valasek hacked into the vehicle through Uconnect, their software rewrote the firmware in the processor that drives the Uconnect system. That enabled them to send commands directly through the car’s internal computer network basically to any system in the car.
With the increasing computerization of car infotainment systems, hacking has been a concern. In 2010, an angry auto dealership employee in Texas disabled more than 100 vehicles remotely. There have been ongoing attempts to pass legislation to make manufacturers separate critical systems from each other, so that hackers can’t access everything in a car at one time, but those efforts haven’t gone anywhere to date.
Question is, if your car can be hacked, what about your business? At RegTec, it’s our business to help you find and address potential weaknesses in your cybersecurity.