Real World Attack-Chrysler Jeep
This well-known attack occurred in the summer of 2015 (Mearian, 2016). Its effect was far-reaching and is still being felt in the industry. As a result of this issue, FCA (formerly known as Chrysler) recalled 1.4 million Jeep, Dodge, Chrysler, and Ram vehicles (Mearian, 2016; Finkle & Woodall, 2015). The recall was carried out in two ways. Affected customers could bring their vehicle to the dealership and have the dealership download the patch, or they could plug a mailed USB drive into their vehicle (Greenberg, 2016). The USB drive would then automatically download the patch and update the vehicle.
The affected vehicles had the 8.4 inch Uconnect touchscreen installed (Stone, 2015). Specifically, these were the 2013-2015 Dodge Viper specialty vehicle, 2013-2015 Ram pick-ups (1500, 2500, and 3500), 2013-2015 Ram chassis cabs (3500, 4500, and 5500), 2014-2015 Jeep Grand Cherokee and Cherokee SUVs, 2015-2015 Dodge Durango SUV, 2015 Chrysler (200 and 300), 2015 Dodge Charger sedans, and 2015 Dodge Challenger sports coupe. Although this affected a limited number of model years, many models were involved.
As noted, the issue was with the Uconnect operating system (Perkins, 2015). The vulnerability was exploitable because of one communication method the Uconnect system used, which required the vehicle’s IP address (Walters, 2015). Once this data was acquired, the attacker could connect remotely from anywhere to the infotainment system designed by Harman (Crosse, 2016). This vulnerability gave the attacker access to the vehicle’s Controller Area Network (CAN). They also attacked the OBD-II port via an attached dongle (Gibbs, 2015).
The attack was recorded and placed on YouTube, among other social media venues. The two attackers disengaged the 2014 Jeep Cherokee’s transmission while it was on a St. Louis freeway and manipulated other attack points (Greenberg, 2016; Greenberg, 2015; Kudialis, 2015), including the radio volume, speed, and climate control, and disengaged the brakes.
This vulnerability was remediated by FCA, in part through Sprint closing port 6667 (Kudialis, 2015; McAllister, 2015). For others, it is advisable to block any unused ports that are accessible via Wi-Fi (Robertson, Moritz, and Khariff, 2015).
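The advice above can be checked on a Linux host by comparing its listening sockets against an allowlist of ports that are meant to be reachable from the network. The following is an added example, not code from this post or from FCA; the sample lines (in the column layout of `ss -H -tln`), the addresses, and the allowlist are constructed assumptions.

```python
import ipaddress

# Constructed sample in the column layout of `ss -H -tln` (not from a real device).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 0.0.0.0:6667 0.0.0.0:*
LISTEN 0 128 192.168.5.1:443 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:8080 *:*
"""

# Assumption: the only ports this device is meant to expose off-box.
ALLOWED_EXTERNAL_PORTS = {443}


def split_local_address(field):
    """Split the Local Address:Port column into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    return host, int(port)


def is_loopback_only(host):
    """True when the socket can only be reached from the device itself."""
    if host == "*":  # wildcard bind: every interface
        return False
    return ipaddress.ip_address(host).is_loopback


def unexpected_listeners(ss_output, allowed_ports):
    """Return sorted (host, port) pairs reachable off-box and not allowlisted."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip headers, blank lines and non-listening states
        host, port = split_local_address(fields[3])
        if not is_loopback_only(host) and port not in allowed_ports:
            findings.add((host, port))
    return sorted(findings)


if __name__ == "__main__":
    for host, port in unexpected_listeners(SAMPLE_SS_OUTPUT, ALLOWED_EXTERNAL_PORTS):
        print(f"unexpected network-reachable listener: {host}:{port}")
```

Each finding is a service that should either be bound to loopback, disabled, or blocked by a firewall rule on the network-facing interface.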
References
Crosse, J. (2016, April 14). Car hacking: How cyber security is stepping up. Retrieved from http://www.autocar.co.uk/car-news/industry/car-hacking-how-cyber-security-stepping
Finkle, J. & Woodall, B. (2015, July 30). Researcher says can hack GM’s OnStar app, open vehicle, start engine. Retrieved from http://www.reuters.com/article/us-gm-hacking-idUSKCN0Q42FI20150730
Gibbs, S. (2015, August 12). Security researchers hack a car and apply the brakes via text: Vulnerability revealed in diagnostic dongles used for vehicle hacking and insurance that lets them take control using just an SMS. Retrieved from http://www.theguardian.com/technology/2015/aug/12/hack-a-brakes-sms-text
Greenberg, A. (2015, July 21). Hackers remotely kill a Jeep on the highway-With me in it. Retrieved from http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
Greenberg, A. (2016, March 17). The FBI warns that car hacking is a real risk. Retrieved from http://www.wired.com/2016/03/fbi-warns-car-hacking-real-risk/
Kudialis, C. (2015, August 5). Security experts detail Jeep hacking at Black Hat conference. Retrieved from http://www.reviewjournal.com/life/technology/security-experts-detail-jeep-hacking-black-hat-conference
McAllister, N. (2015, August 11). Blackberry can’t catch a break: Now it’s fending off Jeep hacking claims. Retrieved from http://www.theregister.co.uk/2015/08/11/blackberry_denies_blame_in_jeep_hack/
Mearian, L. (2016, March 23). Should you worry that your car will be hacked? Retrieved from http://www.computerworld.com/article/3047193/security/should-you-be-worried-your-car-will-be-hacked.html
Perkins, C. (2015, July 31). Hacker discovers a major vulnerability in GM cars, hijacks vehicle functions. Retrieved from http://mashable.com/2015/07/31/gm-onstar-hack-#TXV0RdSrScqr
Robertson, J., Moritz, S., and Khariff, O. (2015, July 31). Hacked Jeep Cherokee exposes weak underbelly of high-tech cars. Retrieved from http://www.bloomberg.com/news/articles/2015-07-31/hacked-jeep-cherokee-exposes-weak-underbelly-of-high-tech-cars
Walters, G. (2015, July 22). Could your car be the next to come under attack? Retrieved from http://www.dailymail.co.uk/sciencetech/article-31752/could-car-come-attack-GUY-WALTERS-explains-computer-hackers...