Remotely Controlling a Jeep

Charlie Miller and Chris Valasek, frontier vehicle hackers, are at it again, this time they remotely controlled a jeep from about 10 miles away.

Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot has one vulnerable element, which Miller and Valasek won’t identify until their Black Hat talk, Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country.

Miller and Valasek have been sharing their research with Chrysler for nearly nine months, enabling the company to quietly release a patch ahead of the Black Hat conference. Unfortunately, Chrysler’s patch must be manually implemented via a USB stick or by a dealership mechanic. That means most vehicles affected by the vulnerability, will probably stay vulnerable until they start getting hacked.

Miller has scanned Sprint’s network multiple times for vulnerable vehicles and recorded their vehicle identification numbers. Plugging that data into an algorithm sometimes used for tagging and tracking wild animals to estimate their population size, he estimated that there are as many as 471,000 vehicles with vulnerable Uconnect systems on the road.

Are insurance companies looking at adjusting their rates? Perhaps it’s time to think about that.

This entry was posted in Security Blog and tagged , , , , , , , , . Bookmark the permalink.