Latest ‘prank’ hack gets carmakers rattled


Bloomberg reported that the company responded a day after Wired magazine published a feature about software programmers who were able to take over the vehicle while it was being driven on a Missouri highway in the US.

The carmaker said in a statement that it does not know of any ‘real world’ instance where one of its vehicles has been hacked in this way.

“This is a very big wake-up call for the industry that shows they have a weakness,” said Egil Juliussen, director of research for consultant IHS’s automotive technology group. “They are worried about it and thinking about what they need to do. But it will be awhile before cars are safe from a hacking attack.”

By 2022, 82.5M vehicles worldwide will be connected to the Internet, more than three times the 26.5M connected cars this year, according to IHS. In seven years, 78% of the cars sold globally will be connected, up from 30% now, the consulting firm said.

Fiat Chrysler said that “after becoming aware of the vulnerabilities in some 2013 and 2014 vehicles equipped with the 8.4-inch touchscreen systems, FCA and several supplies worked to fix the vulnerabilities in model year 2015 vehicles.”

Owners can download the fix to a thumb drive from a Fiat Chrysler website and install it in 30 minutes to 45 minutes or have the update done at a dealership, the company said. The carmaker plans to contact customers who may be affected and has distributed the update to dealers.

The models affected include 2013 and 2014 Ram pickups and 2014 Jeep Cherokee and Grand Cherokee SUVs, as well as some 2015 Chrysler 200 cars.

In the UK the BBC reported that NCC Group said the exploit could be used to seize control of a vehicle's brakes and other critical systems.

The Manchester company said it had found a way to carry out the attacks by sending data via digital audio broadcasting (DAB) radio signals.

NCC demonstrated its technique to BBC Radio 4's PM programme at its offices in Cheltenham.

By using relatively cheap off-the-shelf components connected to a laptop, the company's research director, Andy Davis, created a DAB station.

Because infotainment systems processed DAB data to display text and pictures on car dashboard screens, he said, an attacker could send code that would let them take over the system.

Once an infotainment system had been compromised, he said, an attacker could use it as a way to control more critical systems, including steering and braking.

Depending on the power of the transmitter, he said, a DAB broadcast could allow attackers to affect many cars at once.

"As this is a broadcast medium, if you had a vulnerability within a certain infotainment system in a certain manufacturer's vehicle, by sending one stream of data, you could attack many cars simultaneously," he said.

Davis declined to publicly identify which specific infotainment systems he had hacked.

For all the latest on cyber security don’t miss Active Safety: ADAS to Autonomous this October 12-13.

Leave a comment

Your email address will not be published. Required fields are marked *