Hackers Remotely Kill a Jeep on the Highway—With Me in It

Adam
Posts: 2244
Joined: Wed Oct 23, 2013 9:50 pm

Hackers Remotely Kill a Jeep on the Highway—With Me in It

Post by Adam »

...is the title of the Wired article.

http://www.wired.com/2015/07/hackers-re ... p-highway/

Turns out the Uconnect infotainment system has cellular access via Sprint. For convenience or something. It also has various controller modules accessible from it with REWRITABLE firmware.

Charlie Miller (of Pwn2Own fame) and Chris Valasek were able to use this connection to upload custom firmware that let them access the drivetrain's CAN bus. THROUGH THE INTERNET. From the comfort of their couch, they were then able to:
  • Track the vehicle with GPS
  • Read all sensor data
  • Control the instrument panel
  • Control the audio system, including locking out the in-vehicle controls
  • Control the throttle and lock out driver control
  • Turn off the engine and lock out driver control
  • Put the transmission in neutral and lock out driver control
  • Disable or apply the brakes
  • Control the vehicle steering when in reverse (for now)
After a quick scan of the Sprint network, they found 471,000 vulnerable vehicles. That's just in the US. I'm sure that this infotainment system is deployed on other carriers in other countries. They plan on speaking about some of the components of this hack at Black Hat this summer.

Chrysler (Fiat) has a patch, but it can only be applied via a USB stick or dealership using their fancy laptops.

Time to keep driving my (nearly) pre-internet car.
kevm14
Posts: 15230
Joined: Wed Oct 23, 2013 10:28 pm

Re: Hackers Remotely Kill a Jeep on the Highway—With Me in I

Post by kevm14 »

My CTS-V no longer has the OnStar module connected. My SRX does.

I mean the problem/cause in a nutshell is pretty simple:

A) Cars were historically a standalone system and a "cyber" posture consisted mainly of locking down the ECU to avoid competitors looking at the code or (sometimes) owners flashing their own powertrain control firmware. You required physical access to the vehicle for this.

B) In the new world order, we've added systems that talk to the outside world, and also to these previously standalone systems. But apparently there was a Systems Engineering failure here because no one looked at the resulting overall system to gauge cyber vulnerability. Or, concerns that were raised were dismissed. One or the other.

I would also argue that standardization and increasing use of COTS (decreasing use of proprietary HW/SW) has also added to the cyber vulnerabilities we are seeing. One of those pesky byproducts.

However, there is so much low hanging fruit even while retaining the use of industry standard HW/SW products, and everyone should be doing that stuff.

What that means is when someone can port scan a system, identify the OS (which will usually be something familiar, like a Linux), and then figure out what the known attack/access vectors are, you have to do a little more than nothing to prevent malicious acts.
Adam
Posts: 2244
Joined: Wed Oct 23, 2013 9:50 pm

Re: Hackers Remotely Kill a Jeep on the Highway—With Me in I

Post by Adam »

kevm14 wrote: What that means is when someone can port scan a system, identify the OS (which will usually be something familiar, like a Linux), and then figure out what the known attack/access vectors are, you have to do a little more than nothing to prevent malicious acts.
Chrysler's UConnect 8.4 (the size of the screen, used in the attack) is built on QNX, a real-time Unix build by RIM. Of Blackberry fame. Fun info:
http://www.allpar.com/corporate/tech/uconnect.html

In other news, Fiat's UConnect 5 implementation is built on Windows Embedded.
Adam
Posts: 2244
Joined: Wed Oct 23, 2013 9:50 pm

Re: Hackers Remotely Kill a Jeep on the Highway—With Me in I

Post by Adam »

From everything I've read about these systems, they are completely porous. Regardless of which OS or H/W platform it is built on. The real risk of these implementations is the designers not segregating the infotainment system from the powertrain control system. There are legitimate reasons for some access, like the On Star "unlock your car" feature, but providing direct CAN access to do it is the wrong answer.
Last edited by Adam on Sun Jul 26, 2015 8:23 pm, edited 1 time in total.
Adam
Posts: 2244
Joined: Wed Oct 23, 2013 9:50 pm

Re: Hackers Remotely Kill a Jeep on the Highway—With Me in I

Post by Adam »

Adam wrote: ... providing direct CAN access to do it is the wrong answer.
What really needs to happen is moving past CAN-based systems. The CAN protocol was designed before security was a consideration in computer system design. There is no message encryption or even authentication built into the protocol, although a manufacturer could implement some level of authentication on top of the system if they were so inclined, but it is not part of the standard.
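The post above notes that CAN carries no authentication, but that a manufacturer could layer some on top. As an added illustration (not code from the thread, from FCA, or from any real ECU), the sketch below shows the kind of scheme that does that: each classic 8-byte CAN frame carries a 4-byte payload, the low byte of a freshness counter, and a 3-byte truncated HMAC over the CAN ID, the full counter and the payload. The receiver reconstructs the full counter from its last accepted value, so a replayed frame fails the MAC and a tampered payload fails it too. The key, CAN ID and payloads are constructed for the demo; a real deployment would provision per-vehicle keys in a secure element and size the tag and counter per the bus's timing budget.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed demo key; a real ECU would hold a per-vehicle key in protected storage.
DEMO_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

PAYLOAD_LEN = 4   # application data per frame
COUNTER_LEN = 1   # low byte of a 32-bit freshness counter travels in the frame
MAC_LEN = 3       # truncated HMAC-SHA256 tag; 4 + 1 + 3 = 8 data bytes (classic CAN)


@dataclass(frozen=True)
class CanFrame:
    can_id: int
    data: bytes


def _tag(key: bytes, can_id: int, counter: int, payload: bytes) -> bytes:
    # MAC binds the CAN ID and the FULL counter, not just the byte on the wire,
    # so a replayed frame (old counter) or a re-targeted frame (other ID) fails.
    msg = struct.pack(">II", can_id, counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class Sender:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.counter = 0  # monotonically increasing per (key, can_id)

    def build(self, can_id: int, payload: bytes) -> CanFrame:
        if len(payload) != PAYLOAD_LEN:
            raise ValueError("payload must be exactly %d bytes" % PAYLOAD_LEN)
        self.counter += 1
        tag = _tag(self.key, can_id, self.counter, payload)
        return CanFrame(can_id, payload + bytes([self.counter & 0xFF]) + tag)


class Receiver:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_counter = 0  # highest counter accepted so far

    def verify(self, frame: CanFrame) -> Optional[bytes]:
        """Return the payload if the frame is fresh and authentic, else None."""
        if len(frame.data) != PAYLOAD_LEN + COUNTER_LEN + MAC_LEN:
            return None
        payload = frame.data[:PAYLOAD_LEN]
        low = frame.data[PAYLOAD_LEN]
        tag = frame.data[PAYLOAD_LEN + COUNTER_LEN:]
        # Reconstruct the smallest full counter > last_counter whose low byte matches;
        # this tolerates up to 255 lost frames without accepting a replay.
        candidate = (self.last_counter & ~0xFF) | low
        if candidate <= self.last_counter:
            candidate += 0x100
        expected = _tag(self.key, frame.can_id, candidate, payload)
        if not hmac.compare_digest(tag, expected):
            return None  # tampered, forged, or replayed
        self.last_counter = candidate
        return payload


def demo() -> Dict[str, Optional[bytes]]:
    """Exercise the scheme with constructed frames on a constructed ID 0x123."""
    can_id = 0x123
    tx, rx = Sender(DEMO_KEY), Receiver(DEMO_KEY)
    results: Dict[str, Optional[bytes]] = {}

    first = tx.build(can_id, b"\x10\x20\x30\x40")
    results["genuine"] = rx.verify(first)                 # accepted

    second = tx.build(can_id, b"\x11\x22\x33\x44")
    results["genuine2"] = rx.verify(second)               # accepted

    results["replay"] = rx.verify(first)                  # old counter -> rejected

    flipped = bytes([second.data[0] ^ 0xFF]) + second.data[1:]
    results["tampered"] = rx.verify(CanFrame(can_id, flipped))  # bad MAC -> rejected

    # A sender without the key: plausible counter byte, but no valid tag.
    forged = CanFrame(can_id, b"\xde\xad\xbe\xef" + bytes([3]) + b"\x00\x00\x00")
    results["forged"] = rx.verify(forged)                 # rejected
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:9s} -> {'ACCEPT ' + outcome.hex() if outcome else 'REJECT'}")
```

The scheme only helps if the receiving controller actually refuses unauthenticated frames for the IDs it cares about; a gateway that still relays raw frames from an internet-connected head unit defeats it.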
bill25
Posts: 2583
Joined: Thu Oct 31, 2013 2:20 pm

Re: Hackers Remotely Kill a Jeep on the Highway—With Me in I

Post by bill25 »

I totally agree with keeping the infotainment system completely separate from powertrain/steering/braking etc. If there are things to display in the infotainment displays they could add another read-only stream separate from the CAN system. The CAN system shouldn't be accessible via the internet or Bluetooth. It really shouldn't be accessible unless there is a hard wire connection. Just my opinion.
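Adam's point about not giving the head unit direct CAN access, and bill25's suggestion of a separate read-only stream for the displays, describe the same gateway design. The block below is an added example written for this thread, not code from any vehicle or vendor: a gateway that relays only an allowlist of status IDs from the powertrain bus to the infotainment bus, relays nothing in the other direction, exposes the "unlock" feature as a narrow command rather than raw frame access, and keeps an audit count of dropped frames so repeated attempts from the head unit side stand out. All CAN IDs and bus names are constructed for the demo.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed IDs for the demo; real IDs are vehicle-specific.
ID_VEHICLE_SPEED = 0x1A0   # status, safe to show on a display
ID_FUEL_LEVEL = 0x1B2      # status, safe to show on a display
ID_THROTTLE_CMD = 0x200    # powertrain actuation: must never come from infotainment
ID_DOOR_LOCK_CMD = 0x3C0   # body controller: reachable only via the narrow unlock API

# The read-only feed: powertrain -> infotainment, allowlisted IDs only.
READ_ONLY_FEED = {ID_VEHICLE_SPEED, ID_FUEL_LEVEL}


@dataclass(frozen=True)
class CanFrame:
    can_id: int
    data: bytes


class Gateway:
    """Three buses: 'powertrain', 'body' (controls), and 'infotainment' (untrusted)."""

    def __init__(self) -> None:
        self.audit: List[str] = []
        self.dropped: Counter = Counter()

    def route(self, source: str, frame: CanFrame) -> Optional[Tuple[str, CanFrame]]:
        """Return (destination bus, frame) if the frame may be relayed, else None."""
        if source == "powertrain" and frame.can_id in READ_ONLY_FEED:
            return ("infotainment", frame)
        if source == "infotainment":
            # Default deny in this direction: nothing from the head unit reaches a
            # control bus, and every attempt is recorded for detection.
            self.dropped[frame.can_id] += 1
            self.audit.append(
                f"DROP infotainment->control id=0x{frame.can_id:03X} data={frame.data.hex()}"
            )
            return None
        return None  # anything not explicitly allowed is dropped

    def request_unlock(self, authorized: bool) -> Optional[Tuple[str, CanFrame]]:
        """The legitimate remote feature, as a fixed command rather than raw CAN access."""
        if not authorized:
            self.audit.append("DENY unlock: request not authorized")
            return None
        # The gateway composes the frame itself; the caller never supplies CAN bytes.
        return ("body", CanFrame(ID_DOOR_LOCK_CMD, bytes([0x01])))

    def suspicious_ids(self, threshold: int = 3) -> List[int]:
        """IDs the untrusted side tried to inject at least `threshold` times."""
        return sorted(cid for cid, n in self.dropped.items() if n >= threshold)


def demo() -> Dict[str, object]:
    gw = Gateway()
    out: Dict[str, object] = {}
    # Status frames from the powertrain bus (constructed values).
    out["speed"] = gw.route("powertrain", CanFrame(ID_VEHICLE_SPEED, b"\x00\x3C"))
    out["fuel"] = gw.route("powertrain", CanFrame(ID_FUEL_LEVEL, b"\x55"))
    # A powertrain command seen on the powertrain bus is not in the feed: not relayed.
    out["throttle_pt"] = gw.route("powertrain", CanFrame(ID_THROTTLE_CMD, b"\xFF"))
    # Attempts from the head unit side: all dropped, all audited.
    for _ in range(3):
        gw.route("infotainment", CanFrame(ID_THROTTLE_CMD, b"\xFF"))
    out["throttle_if"] = gw.route("infotainment", CanFrame(ID_VEHICLE_SPEED, b"\x00\x00"))
    # The one sanctioned write goes through the narrow API.
    out["unlock_ok"] = gw.request_unlock(authorized=True)
    out["unlock_denied"] = gw.request_unlock(authorized=False)
    out["suspicious"] = gw.suspicious_ids()
    out["audit_len"] = len(gw.audit)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:14s} {v}")
```

Whether a CAN-level gateway is enough is a separate question (bill25 argues for a hard-wire-only CAN), but even this much removes the "head unit writes arbitrary frames" path that the article describes.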
kevm14
Posts: 15230
Joined: Wed Oct 23, 2013 10:28 pm

Re: Hackers Remotely Kill a Jeep on the Highway—With Me in I

Post by kevm14 »

http://autoweek.com/article/recalls/fca ... dailydrive

The old guard IA/security people would tell you the issue is with OS selection. These days, as you guys mentioned, it's driven by smart architectures rather than a particular OS choice.
Fast_Ed
Posts: 550
Joined: Wed Oct 23, 2013 9:45 pm

Re: Hackers Remotely Kill a Jeep on the Highway—With Me in I

Post by Fast_Ed »

Wow, thank god it's Sprint! I'd be worried if there was some sort of reliable data connection.

Oh no, my car's out of control... No wait, it's fine again. Good thing we passed through that 'coverage zone' so fast...
kevm14
Posts: 15230
Joined: Wed Oct 23, 2013 10:28 pm

Re: Hackers Remotely Kill a Jeep on the Highway—With Me in I

Post by kevm14 »

That.....amused me.
Bob
Posts: 2440
Joined: Thu Dec 19, 2013 7:36 am

Re: Hackers Remotely Kill a Jeep on the Highway—With Me in I

Post by Bob »

I am surprised the Viper was listed under affected vehicles. I didn't realize there was any tech inside.