Saturday, 19 September 2015

Chrysler Drivers Warned Of USB Sticks And Wifi

Owners of a Chrysler should not USB flash drives, connect memory cards or CDs from strangers on their car and ensure that the Wi-Fi network of the vehicle is secured with WPA2. It advises the Industrial Control Systems Cyber ​​Emergency Response Team (ICS-CERT), part of the US Department of Homeland Security.

The reason for the recommendation is a vulnerability in the UConnect infotainment system, which allows the operation of the vehicle can be controlled. An attacker could remotely login without credentials on the UConnect system.Subsequently, it is possible to control or information, such as to adjust the speedometer of the brake, the steering wheel and the air conditioning. Because of the vulnerability was demonstrated in July, Chrysler decided to 1.4 million cars to recall that a patch could be installed. For this, also USB sticks with the update sent to clients.

Network provider Sprint decided to block ports that attackers could communicate with the UConnect system. According to the ICS-CERT, it is difficult to develop a working attack that makes use of the leak abuse. In addition, the UConnect systems currently are unattainable because Sprint is blocking the ports, which reduces the likelihood of a successful attack.

Despite the measures adopted previously by Chrysler and Sprint advises the government organization Chrysler drivers to take protective measures. In addition to enabling WPA2 for the Wi-Fi network and avoiding unreliable media are also advised to ensure that all the connected devices and / or systems are not accessible from the Internet and remote access is still required there using a VPN must be made.

No comments:

Post a Comment