Two well-known security researchers have discovered a vulnerability in cars of Chrysler manufacturer, making it possible to remotely activate the brakes of hundreds of thousands of vehicles, and also to turn off to turn off the motor at low speeds.
It is also possible to control the climate control system and to control the radio, and windshield wipers. The researchers are working on the possibility to take control of the wheel. Currently this is only possible if the car is in reverse. The problem is in Uconnect, a component that gives the cars online capabilities and that the entertainment and navigation are operable. The functionality even offers a wifi hotspot and makes phone calls possible.
Uconnect allows anyone with a vehicle connection as long as the IP address of the car is known. After the connection had been made with a car managed researchers Charlie Miller and Chris Valasek therein in order to adapt the firmware of the system. This custom firmware can then send instructions via the internal network of the car to the physical components such as the engine and the wheels.
The attack would work on any Chrysler vehicle features Uconnect and the end of 2013, has been delivered in 2014 or early 2015. According to researchers, there would be an estimated 471,000 vulnerable cars are in the United States. The researchers will present their work at the upcoming Black Hat conference demonstrated, in which part of the exploit will be published, reports Wired .
Update
Chrysler was almost nine months ago already informed by the researchers. The manufacturer warned car owners on July 16 that an update was available. However, it is a cryptic message saying that a software update is available that improves the cars' electronic security "and communication systems, without letting you know what the impact of the vulnerability can be repaired. An additional problem is that the update of Chrysler manually using a USB flash drive must be installed. Users can do this yourself or have it done through the dealer. However, chances are that this many vehicles will never receive the update.
No comments:
Post a Comment