Thursday, August 04, 2016 by usafeaturesmedia
(Cyberwar.news) Two hackers have once again managed to compromise their Jeep Cherokee, spoofing the vehicle into doing some very dangerous things like turning and activating the parking brake while traveling at highway speeds, The Verge reported this week.
The hackers are the same pair who remotely hacked their Jeep last year. This time, however, the news is not quite as alarming because the most recent hack involved physical access to the vehicle, via a laptop connected to the OBD II engine diagnostic port. Still, they were able to control many more of the vehicle’s operations.
Last year cybersecurity researchers Charlie Miller and Chris Valasek were able to compromise a Cherokee remotely. In particular, they managed to disable the SUV’s brakes and transmission and, while the car was in reverse, its steering.
All of that was made possible through existing functionality in the vehicle, such as the self-parallel parking feature, and by commanding the vehicle to do things that are within its own limitations.
For instance, the pair could only gain control of steering when the vehicle was in reverse, and below a certain speed. That’s due to the Jeep’s central computer ensuring that it could only steer itself when it was in the auto-park mode. Soon after the discovery was made Chrysler, the Jeep’s manufacturer, issued a security patch to fix the vulnerability.
But after last year’s successful hack, Miller and Valasek got jobs at Uber’s Advanced Technology Center in Pittsburgh.
The Verge reported further:
The new hack, while being more difficult to execute — the hackers were physically in the car at the time — nonetheless illustrates the dangers of connected cars. They were able to update the electronic control unit’s (ECU) firmware to disable those checks and balances, allowing them to take control of the steering at any time, not just when the car was going in reverse. They could turn the steering wheel at any speed, activate the parking brake, or adjust the cruise control settings. Theoretically, that sort of manipulation could cause someone to veer off the road or rear-end someone.
“It’s not like I can take control of the car and drive you to my house and you can’t stop me,” said Miller in an interview with Wired. “But if you’re not paying attention, it’s definitely dangerous.”
Both researchers presented their findings to the Black Hat security conference this week.
For its part, Fiat Chrysler (FCA) issued a statement to Wired stating, “While we admire their creativity, it appears that the researchers have not identified any new remote way to compromise a 2014 Jeep Cherokee or other FCA US vehicles.”
The researchers confirmed that, but the hack nevertheless serves as the latest warning that vehicle cybersecurity remains a concern as more cars and trucks become connected to the “Internet of things.”
Cyberwar.news is part of USA Features Media.