Riptide Blog

Chrysler Has UConnect IoT Vulnerability

Posted by Marketing on July 27, 2015

There’s been a lot of hacking lately: dating websites, cyber warfare companies, and now cars. Yes, you heard right, cars. The lineup of Chrysler vehicles is totally hackable! Wired author Andy Greenberg commissioned hackers Miller and Valasek to gain control of his Jeep. These hackers can easily gain access to your car’s computer and wirelessly control everything from the radio, AC, and wipers to shutting the engine off.

“Cars are a major part of the Internet of Things,” said Sen. Edward J. Markey (D-Mass.), “We’ve moved from an era of combustion engines to computerized engines, but we haven’t put into place the proper protections against hackers and data trackers.”

 

In the past, Miller and Valasek were able to hack into a vehicle through the service port mechanics use to diagnose the car. Now they are able to scan the internet for vulnerable vehicles, and they estimate that as many as 471,000 vehicles are currently equipped with the vulnerable Uconnect system.

As the automotive industry does its best to keep up with the latest interconnectivity and the BYOD movement the world is heading towards, it has actually made it possible to wirelessly control vehicles. Uconnect, an Internet-connected computer on the Sprint network, is featured in hundreds of thousands of Chrysler cars, SUVs, and trucks. Uconnect controls the vehicle’s navigation, entertainment, and phone calls, and even offers a Wi-Fi hotspot. It also holds a vulnerable element (one that won’t be revealed until Black Hat USA).

 

How Could Chrysler Have Avoided this Vulnerability?

The Washington Post describes the security of today's interconnected automotive systems as abysmal:

“The overall security on these automotive systems is ‘15 years, maybe 20 years behind where [computer] operating system security is today. It’s abysmal,’ said researcher Peiter Zatko, who once directed cybersecurity research for the Pentagon’s Defense Advanced Research Projects Agency (DARPA) and now is developing an independent software security research group.”

Some door was left open while developing Uconnect, no doubt about it. All the control modules in the vehicles are networked together through a CAN bus. Access to one module is access to ALL modules; the error lies there. Someone at Chrysler made it so that one module could talk to another without any firewall in place. As our Software Development Manager, Cesar Gonzalez, explains:

“Low-quality software and the lack of tests in the software process lead to vulnerabilities that can end up providing root access to the computer executing such code. Traditional programming languages require attention to detail to prevent memory leaks or runtime errors that could produce “segmentation fault” errors that can be used to hack other parts of the system. Software technologies are evolving programming languages that create more secure environments; such is the case of Rust, which was created around new software security paradigms.”
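One way to build the firewall between modules that the article says was missing is a gateway that forwards only explicitly allowed frames between CAN segments and drops everything else. The following Rust code is an added example, not code from Chrysler, the researchers or Riptide; the segment names, CAN IDs and limits are assumptions made up for illustration.

```rust
// Added example. Segment names, CAN IDs and limits are constructed.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum Segment { Infotainment, Powertrain, Body }

#[derive(Clone, Copy, Debug)]
pub struct Frame { pub id: u16, pub len: u8, pub data: [u8; 8] }

#[derive(PartialEq, Eq, Debug)]
pub enum Verdict { Forward, Drop(&'static str) }

// One permitted flow. Anything without a matching rule is dropped.
struct Rule { from: Segment, to: Segment, id: u16, max_len: u8, min_gap_ms: u64 }

const ALLOW: &[Rule] = &[
    // Powertrain publishes speed so the head unit can display it.
    Rule { from: Segment::Powertrain, to: Segment::Infotainment, id: 0x120, max_len: 2, min_gap_ms: 10 },
    // Head unit may send a climate setting to the body controller.
    Rule { from: Segment::Infotainment, to: Segment::Body, id: 0x310, max_len: 1, min_gap_ms: 100 },
    // Deliberately no rule with `to: Segment::Powertrain`.
];

pub struct Gateway { last_ms: Vec<Option<u64>> } // last forward time per rule

impl Gateway {
    pub fn new() -> Self { Gateway { last_ms: vec![None; ALLOW.len()] } }

    pub fn filter(&mut self, from: Segment, to: Segment, f: &Frame, now_ms: u64) -> Verdict {
        // Classic CAN: 11-bit identifier, at most 8 data bytes.
        if f.id > 0x7FF || f.len > 8 { return Verdict::Drop("malformed frame"); }
        let i = match ALLOW.iter().position(|r| r.from == from && r.to == to && r.id == f.id) {
            Some(i) => i,
            None => return Verdict::Drop("no rule for this flow"),
        };
        if f.len > ALLOW[i].max_len { return Verdict::Drop("payload longer than rule allows"); }
        if let Some(t) = self.last_ms[i] {
            if now_ms.saturating_sub(t) < ALLOW[i].min_gap_ms { return Verdict::Drop("rate limit exceeded"); }
        }
        self.last_ms[i] = Some(now_ms);
        Verdict::Forward
    }
}

fn main() {
    let mut gw = Gateway::new();
    let speed = Frame { id: 0x120, len: 2, data: [0x00, 0x41, 0, 0, 0, 0, 0, 0] };
    // Same frame, two directions: the display path passes, the reverse path is refused.
    println!("{:?}", gw.filter(Segment::Powertrain, Segment::Infotainment, &speed, 0));
    println!("{:?}", gw.filter(Segment::Infotainment, Segment::Powertrain, &speed, 1));
}
```

Because the rule table is directional and default-deny, a compromised head unit in this model can still read the speed but has no path to place frames on the powertrain segment.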

 

Conclusion:

What’s noteworthy about this is that an increasingly vast array of machines has joined the Internet of Things. The fact is that security researchers have repeatedly shown that most online devices can be hacked, so it isn’t such a big surprise that hackers were able to take control of a vehicle. This doesn’t mean you need to fear IoT; Riptide Software can securely integrate and use IoT for your commercial needs using only the most evolved and secure technologies available today.

 
