How hackers can control your car from miles away

[RV_]

This is a video report from the Washington Post. The entire printed article is this:

 

"July 22, 2015 7:02 AM EDT - Internet researcher Charlie Miller shows The Washington Post how a hacker can break into a car's computer and control everything from the brakes to the engine. (Jorge Ribas / The Washington Post)

But if you can watch a video this is scary. A hacker took his Jeep, found a vulnerability, hacked it, and is able to control it without permission from the driver.

 

We can be crashed if hacked among other things.

 

Watch the short video here: http://www.washingtonpost.com/posttv/business/technology/how-hackers-can-control-your-car-from-miles-away/2015/07/22/ca4beb62-3061-11e5-a879-213078d03dd3_video.html

[Biker56]

Does your Dodge truck have that computer in it?

[StarDreamers.us]

Read there may have been a problem with the carrier SPRINT. A patch maybe available??

 

Safe Travels!

[RV_]

Mine's a 2006 Dodge. I doubt I have the "High end Head" they reference. In fact I have no idea what they mean by that, and I am sure that was his intent. Not to show how until the car companies have a chance to "patch" their systems. He did say that his hack only applies to Chrysler. But he also indicated that is theoretically the case for all of the computerized vehicles out there. He only had his own Jeep to crack.

 

The mile and a half range seems to indicate a direct control not a cell control or there would be no glitch unless it is while they are both in/on the same cell/tower.

[RV_]

My HHR is newer, 2009. But it is the LS, or standard feature set.

[Dutch_12078]

Apparently only the FCA vehicles that are "Uconnect" enabled for Internet access are vulnerable so far. And FCA/Uconnect has already released a recall and patch that can be downloaded and installed via a USB mem stick or by the dealer on eligible vehicles.

[Ronbo]

He was in the phone with the hackers (a research group) and they hacked with his permission, knowledge, scheduling and coperation. It has not been made clear if it could in fact happen without your knowledge and cooperation.

[Dutch_12078]

He was in the phone with the hackers (a research group) and they hacked with his permission, knowledge, scheduling and coperation. It has not been made clear if it could in fact happen without your knowledge and cooperation.

 

Apparently the answer is "Yes, it can be done without your knowledge or cooperation ." This Wired article gives a lot more details of the reporter's experiences and other info.

[Biker56]

My car can send a Vehicle Health report through my Blue tooth attached iPhone to Lincoln.

And I can then go see the report on my PC, plus they send me a email report. They even know the total miles on it when it is done.

I just did one yesterday while stopped in line at a road construction area.

Only thing I have to do is leave the engine running while it is doing it. Probably takes less then 1 minute.

 

Vehicle Health Report

View Vehicle Health Landing

2014 Lincoln MKS

Vehicle maintenance information as of: July 22, 2015 for your 2014 Lincoln MKS

Vehicle Diagnostic Overview

Odometer: 4,864

From your engine, transmission, brakes to fluids, these important vehicle diagnostic and factory notifications will help let you know when service is required and will make taking care of your vehicle easier.

View details

Oil Life: 20%
Status: OK

Your vehicle's Intelligent Oil Life Monitor uses actual engine and operating conditions to calculate when you need an oil change. The computation takes into account your driving habits when determining when it's time to change the oil. The Oil Life Remaining percentage you see is the calculation sent from your vehicle when this report was sent.

You still have Oil Life Remaining. Your vehicle Intelligent Oil Life Monitor uses actual engine and operating conditions to calculate when you need an oil change, instead of having to follow a preset schedule. Keep in mind, if it's been a year or 10,000 since your last oil change, you will need to change your oil.

If you have changed your Oil since running this Vehicle Health Report, please re-run as this data is now inaccurate.

View details

Engine, Transmission & Emissions
Status: OK

About Engine, Transmission & Emissions

Your gasoline or diesel engine's power is delivered to the driving wheels by the transmission. The transmission uses gears, electro-hydraulics, and sensors to optimize vehicle performance.

Your on-board computer monitors gasoline or diesel engine performance, adapts automatic transmission shifting (if equipped), optimizes diesel cold weather starting, controls emissions and balances performance with fuel economy.

Your hybrid or battery electric vehicle's high-voltage battery powers your electric motor, which transfers power to the driving wheels through the single speed transmission. Your hybrid or battery electric vehicle's on-board computer monitors your electric motor, battery, and transmission to provide you with optimal range and performance.

If equipped, your vehicle's 4WD or AWD system delivers engine power to all four wheels through the transmission, transfer case, and driveshafts. An on-board computer monitors the 4WD/AWD system and reports to you.

View details

Brakes & Suspension
Status: OK

About Brakes & Suspension

Your vehicle's Anti-lock Braking System helps maintain steering control during emergency stops by keeping the brakes from locking.

Your hybrid or battery electric vehicle's Regenerative Braking system helps achieve maximum energy-efficiency by capturing some of the energy normally lost as heat during braking, and recycling it to recharge your battery.

AdvanceTrac with RSC system (if equipped) provides stability enhancement features for certain driving situations. Air suspension (if equipped) enhances ride and handling. The Trailer Brake Controller (if equipped), when used properly, helps ensure smooth and effective trailer braking. Hill descent (if equipped) helps you to set and maintain vehicle speed while descending steep grades regardless of surface conditions.

On-board computers monitor these systems and report to you.

View details

Restraints & Driver Assistance
Status: OK

About Restraints & Driver Assistance

Your vehicle is equipped with safety belts and an air-bag Supplemental Restraint System.

Intelligent Key access (if equipped) unlocks your vehicle when you approach and also allows you to start it without putting a key in the ignition lock cylinder as long as the key is on you or in the vehicle.

Active Park assist (if equipped) can steer the vehicle into a parking space while you control the accelerator, gearshift and brakes. Reverse Sensing System (if equipped) can warn of objects near the rear bumper when backing up. Blind Spot Information System (if equipped) can detect if a vehicle is in your blind spot. Cross Traffic Alert system (if equipped) can detect vehicles approaching from either side when backing out of a parking spot.

Adaptive cruise control (if equipped), adjusts speed to maintain a pre-set distance between you and the vehicle in front in the same lane. Collision Warning with brake support (if equipped) can alert you of certain collision risks. Lane Keeping System (if equipped) can detect drifting toward the outside of the lane.

Hill start assist (if equipped) automatically prevents the vehicle from rolling back or forward (when in reverse) on a slope by momentarily holding brake pressure when the brake pedal is released.

On-board computers monitor these systems and report to you.

Hide details

Checks, Fluids & Filters
Status: OK

[Lou Schneider]

In the Chrysler case, the vulnerability comes from putting the net enabled entertainment center on the same data and control buss as mission critical vehicle systems. The hacker merely figured out to spoof legitimate vehicle control commands using the hijacked entertainment center, then how to locate vulnerable vehicles on the net.

 

The demonstration was done over a relatively small area, but could have been performed from anywhere in the Sprint wireless coverage area - i.e. nationwide.

 

All of the necessary information was available via widely published service manuals and technical notes. All it took was someone to do the research and put it all together.

 

This is very similar to a few months ago when someone demonstrated they could hack into, read data from and issue operational commands to the Boeing 777 flight control system via the in-cabin wifi network. If I remember correctly they briefly throttled back the engines while the aircraft was in level flight but could have done far more if they wanted.

 

Fortunately, both of these vulnerabilities were discovered and demonstrated by white hat hackers, not the bad guys.

 

But both reveal sloppy engineering and a surprising lack of basic security protocols. Yes, the vulnerabilities have been patched - via software - but software can be compromised by anyone sufficiently motivated to do so. I read the Chrysler patch merely closes the port the hacker used to get from the entertainment center to the control buss. A quick fix for this particular hack but hardly insurmountable.

 

What's really needed is an air gap - a complete lack of connectivity - between something like a net accessible entertainment center or a wifi network accessible to the general public and the mission critical vehicle systems.

 

This also raises questions about Bluetooth and wifi enabled implanted medical devices like insulin pumps and pacemakers. If doctors can remotely monitor and control these devices, what's to stop a dedicated hacker from doing the same?

[Ray,IN]

Very small risks IMO, even when the auto is vulnerable, unless a way is figured out to do an en-mass hack for internet-enabled vehicles. For years police, working with the mfgr, have had the ability to put a vehicle in "limp mode" if required.

[dsimpson]

Anybody planning on buying a Chrysler vehicle soon?