Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Transportation Security

Fiat Chrysler Recalls 1.4 Million Autos To Fix Remote Hack 157

swinferno writes: Fiat Chrysler announced today that it's recalling 1.4 million automobiles just days after researchers demonstrated a terrifying hack of a Jeep that was driving down the highway at 70 miles per hour. They are offering a software patch for some of their internet-connected vehicles. Cybersecurity experts Chris Valasek and Charlie Miller have publicly exposed a serious vulnerability that would allow hackers to take remote control of Fiat Chrysler Automobile (FCA) cars that run its Uconnect internet-accessing software for connected car features. Despite this, the researchers say automakers are being slow to address security concerns, and are often approaching security in the wrong way.
This discussion has been archived. No new comments can be posted.

Fiat Chrysler Recalls 1.4 Million Autos To Fix Remote Hack

Comments Filter:
  • Too bad (Score:5, Funny)

    by hcs_$reboot ( 1536101 ) on Friday July 24, 2015 @10:50AM (#50175319)
    So good to have a relaxing time while someone drives the car on your behalf.
  • by Anonymous Coward on Friday July 24, 2015 @10:53AM (#50175361)

    This type of bugs should not even be possible. There should be no data connection between the entertainment crap and the actual, important things, like engine control.

    And now we hear that they even pull this crap on airplanes - entertainment sections, connected to internet, are connected to same switches like engine control - "firewall will stop things!". Fucking idiots.

    • by TWX ( 665546 ) on Friday July 24, 2015 @10:59AM (#50175423)
      I've made this argument on and off for a decade. Connections between the ECM and the BCM should be one-way, with the ECM notifying the BCM of status only, no response, not even a reply, going back. The ECM doesn't need to know anything from the car's entertainment system. Unfortunately I think that some aspects of the operator's interface funnel through the BCM before ending up at the ECM now, so drive-by-wire might be at least partially to blame for this.

      This is only going to get worse with the advent of cars that are capable of driving themselves while still allowing a human to override and take control unless automakers and their suppliers figure out how to sanely allow disparate computer systems to work together without compromising security.
      • They put a great deal of effort to have a simple gateway processor talk to the car network instead of the giant 32 bit radio processor directly, lest some bug in a hundred gigantic code pieces broadcast nonsense and crash the network.

        But directed hack attacks, well, whodathunk?!?!?

      • by Anonymous Coward

        Except for the part where the various control modules HAVE to talk to each other to work together for things like adaptive suspension and overall vehicle control that need to know about engine speed, requested power output, traction conditions, tire temps/pressures, intended vehicle direction based on steering input, etc. etc. I'd rather my car work cooperatively with itself than the individual modules be required to guess what the others are doing.

        • by Anonymous Coward

          There may be a need for some modules to talk to others as you detail, but they should be minimized.
          There is no need for the door locks or lights or navigation system or entertainment system or other ancillary items to output to the modules responsible for the engine running or steering. ( for an autonomous system, any required nav functionality should move "inside" a protected environment that has no ability to have external actors influence it )

          • by TWX ( 665546 ) on Friday July 24, 2015 @01:09PM (#50176537)
            Exactly. If the functions of the vehicle's control systems have changed from a relatively simple engine spark and fuel injection management system to something that controls most aspects of the mechanics of the vehicle-in-motion, then the systems need to be balanced so that these critical systems are not run on poorly-secured or unsecured systems like the infotainment and passenger-comfort parts of the controls. If there is a need for something like the feedback from the body control module to tell the ECM how to set the suspension based on driver input, go back to basics, set a serial-link a simple four-bit byte that just changes values based on the setting chosen, and anything else is simply ignored and last-setting is retained. Doesn't have to be complicated.
            • Even that could be abused, as changing the suspension settings could result in a change in ride height, so a malicious program could order the suspension up and down repeatedly. And if you could do it at the harmonic frequency of the vehicle...

              • by TWX ( 665546 )
                Those kinds of suspension settings, at least on most vehicles, are slow. While I don't doubt that a car accident could be caused in specific circumstances, I doubt that most drivers would even experience that, let alone some kind of harmonic resonance that causes them to lose control.
      • by jonwil ( 467024 )

        If you dont provide remote access to the car systems, how will systems like OnStar be able to start the car remotely (ala Die Hard 4.0)?

      • Air con needs to send messages to the engine control unit when the compressor gets activated or you risk stalling the engine.

        Entrainment unit controls the aircon

    • And now we hear that they even pull this crap on airplanes - entertainment sections, connected to internet, are connected to same switches like engine control - "firewall will stop things!". Fucking idiots.

      [citationneeded.jpg]
    • The problem today is that the entertainment unit is often tied into the ECU for control and metrics. Look at the Hellcat, most of the tunables (suspension, boost, breaks, even displaying key mode (red and black keys have difference performance profiles), as well as the track apps, all of that is on the uconnect system. They would need to add a completely different display and system to completely isolate the entertainment unit. While I agree this is better, the costs and complexity increase result in eve

    • by guruevi ( 827432 )

      Firewall will stop these things. The problem is them not implementing a firewall. VLAN/Firewalling/Subnetting has been appropriate for ages, it's how the Internet works and we connect some pretty sensitive things to these networks which are typically unreachable even if you had fine hacking skills because they are not routed.

    • by jonwil ( 467024 )

      I have watched enough Top Gear to know that there are plenty of fancy cars (sports cars etc) out there where you use the infotainment system (or at least the screen for the infotainment system) to configure all the various settings for how the car will perform. So on those cars at least, there must be a 2-way link between the infotainment system and the car control systems.

  • by fuzzyfuzzyfungus ( 1223518 ) on Friday July 24, 2015 @10:55AM (#50175389) Journal
    If you already have a devastating remote hack, why not make a virtue of necessity and just distribute the patch by mass-p0wning all your units in the field and rewriting the affected software? Nothing could go wrong!
  • Really? (Score:3, Interesting)

    by gandalfu ( 1713422 ) on Friday July 24, 2015 @11:02AM (#50175439)
    From the press release: "No defect has been found. FCA US is conducting this campaign out of an abundance of caution."
    • I believe them that they were unable due to incompetence to recreate the hack.

    • Read more carefully. They acknowledged the attack was viable and real, they just aren't calling it a defect. They patched it by blocking access over the cellular network as demonstrated, and further are providing a patch and additional security updates, whatever that actually turns out to be.
  • by kheldan ( 1460303 ) on Friday July 24, 2015 @11:02AM (#50175445) Journal
    Where's the hardwired switch that kills power to the transceiver(s) in the car? We've had these on laptops for a long time now, why doesn't your car have one? You can't hack what you can't access, and if the wireless access to the vehicle is literally powered off, you can't hack it.

    Also could you people please just drive your cars and stop making them a lifestyle?
    • by hjf ( 703092 )

      hardwired switches are expensive. it's all touch screen or iphone apps nowadays.

    • Also could you people please just drive your cars and stop making them a lifestyle?

      Yes, small children should be driving cars, not admiring them.

    • Laptops do not have a hard wired switch, and with some, you can't remove the battery. The only way to know it's off is by letting it run down, but the good old CR2032 will keep everything on 'standby' for you for years :-)

      • by sconeu ( 64226 )

        My Toshiba Satellite has a hard wired switch which disconnects the built-in WiFi antenna.

        You have no clue what you're talking about.

        • that switch turns off the radio, it doesn't disconnect the antenna

          you are the one who doesn't know what they are talking about

          • Re: (Score:3, Funny)

            :-) It turns off the light...

          • by sconeu ( 64226 )

            Even better. The point is that yes, SOME laptops (hint -- not every laptop is a Dull) have a physical hardwired switch to turn off the WiFi (antenna or radio).

            • by guruevi ( 827432 )

              They are generally a software switch though. It's possible to turn the radio back on in software regardless. Also, disconnecting an antenna may still give the unit some range (not quite as much, but probably enough). I've run into issues where the antenna and radio were accidentally disconnected by repair, the thing still worked but had very flaky wifi. Try troubleshooting that.

    • by Aaden42 ( 198257 ) on Friday July 24, 2015 @12:39PM (#50176337) Homepage

      Killing the receiver would disable the entertainment system. I'd agree that's a far better situation than the possibility of disabling my brakes, but a non-techy with a screaming four-year-old who wants to watch Frozen for the 300th time while driving to see grandma might feel differently. The confirmed attack on their eardrums may well be worse than the theoretical attack on their brakes...

      That said, one thing that would make sense in terms of a physical lockout is firmware updates. The attack required rewriting the firmware on the radio in order to enable sending arbitrary commands over to the CAN bus. Not unlike the write-protect jumper for a BIOS update on a motherboard, it would make sense to have a physical jumper be installed before writes to any EEPROM / flash in a car would be possible.

      Most writable chips I've seen have a physical pin that's required to be connected to power or else it's impossible to write to them, regardless of whatever software flaws might cause valid write commands to be sent to the chip. Ship that disabled by default, and have an access panel or something when field upgrades are necessary. Better than a jumper, maybe a momentary contact button that you have to physically hold down for the upgrade to succeed?

      As far as design goes, it seems like the design included a "simple" network interface chip that was designed to moderate access to the CAN from the more advanced software running on the radio / display. Why was that chip even field upgradable? If your goal is to have a limited, controlled interface between two systems moderated by some kind of microcontroller, FFS make that uC read-only mask ROM!

      I'm also inclined to wonder whether there was zero signature checking on firmware updates or whether the attack exploited a flaw in whatever checking their was. My guess would be no checking at all...

      • The word I'd use for the auto industries' handling of this, from design to revelation of the problem, is 'sloppy', and I'm being kind about it. There should be NO connection between non-essential systems and critical systems in the vehicle, there should be strong protections of the critical systems, and there should be a way to completely override and lock out any wireless access to ANY systems of the vehicle, and that lockout should be available to the operator of the vehicle at all times. Fucking hell.. I
        • I'm glad I drive a small, basic pickup truck, not subject to any of this nonsense..

          so your vehicle somehow by magic avoids accidents with other vehicles? wow!

          • so your vehicle somehow by magic avoids accidents with other vehicles?

            Yes: The magic of 'being a competent driver'. In over 30 years of driving cars and riding motorcycles I've only ever been in one accident that was my fault, and there were mitigating circumstances even in that case. Just because some drivers and riders are accident-prone doesn't mean all drivers and riders are accident-prone.

  • tip of the iceburg (Score:5, Insightful)

    by The-Ixian ( 168184 ) on Friday July 24, 2015 @11:14AM (#50175551)

    It is becoming increasingly obvious to me that we have no idea how to secure information systems.

    It's this kind of stuff that scares the crap out of people and there is no end in sight. As a matter of fact, this is only going to get worse as we migrate to an IoT.

    I sometimes wonder if the technology bubble will someday be crushed under the weight of exploitation. A victim of its own complexity and insecurity.

    • Oh we know how, it requires time and thought.

      Now the ECM should be able to send things to the BCM and Infotainment gear. The reverse should be very limited, pretty much remote start and that should be thoroughly checked for sanity. Old school would be serial in one direction yea there are some hardware hacks but not that problematic.

    • Re: (Score:3, Insightful)

      by burtosis ( 1124179 )

      It is becoming increasingly obvious to me that we have no idea how to secure information systems.

      It's this kind of stuff that scares the crap out of people and there is no end in sight. As a matter of fact, this is only going to get worse as we migrate to an IoT.

      I sometimes wonder if the technology bubble will someday be crushed under the weight of exploitation. A victim of its own complexity and insecurity.

      Yep no one cares. Rather than just the potential murder of an annoying journalist few people know about or care about its probably going to take some complete ahole(s) with an exploit like this causing the first mass cyber fatality incident before anything really gets done and your average person cares.

    • by Chris Katko ( 2923353 ) on Friday July 24, 2015 @11:31AM (#50175697)
      We have absolutely every idea of how to secure IT systems. Nobody wants to freaking listen.

      I know of a college's root password stored in plain text file on a PUBLICLY accessible url so "new computers can install ghost copies quicker." I know of companies actually using "password" for their password. I know companies that deny access to copy-and-paste on remote desktop, refuse to use e-mail because it's insecure, but are fine with me using a domain administrator account to do my work.

      The reason businesses don't care about security is two reasons. 1) They're not afraid and people and the laws should make them afraid so it becomes cost-effective to care. 2) The IT field is full of bullshitters so even when people do hire IT, they assume the guy they hire understands security. When most companies only need one IT guy, they have no experienced guy on hand to tell them if the guy if full of crap. I'm a software developer and I had to teach one admin how Kerberos authentication works and how to resolve issues with it, and another thought that intranet ip addresses were somehow accessible from the web.

      However, with the IoT, the situation is mark darker. The IoT is a movement. If it cannot get good market penetration fast, it dies out. So people know that IoT is inherently dangerous but they don't have the time and resources to make them secure and solve those problems so they bank on, and hope for, that nobody ever notices so they can sell enough of their products to keep the market going. People buy features, but security only matters if someone finds out.

      The IoT is the NSA's wet dream. Why spy on Americans when you can willingly get them to sign a EULA that lets their Smart TV keep the microphone on 24/7? (This has already happened.) And worse still, if the NSA can do it, so can any government. And people are so stupid they're willingly giving up their privacy just so they can "keep up with the tech Joneses" for a gadget that doesn't even improve their lives in any significant way.
      • We have absolutely every idea of how to secure IT systems. Nobody wants to freaking listen.

        Sure we do. How many times has amazon been hacked into? Zero. Apparently they know how to do it, and do it well. So you start out with a 100% bogus assertion and it just goes downhill from there.

      • I can distill it even further. There are two primary reasons things don't get secured:

        1) Cost
        2) Convenience

        People want Cheap and Easy. They want those far more than they want Secure, so when it comes to the "pick any two" moment, that's the way they go, and come up with ways to justify it. People, and companies, tend to do this up until the point that they are forced to compromise because the lack of Security has bit them hard enough in the ass.
      • The biggest problem I have run into (as a Security consultant for state local and federal agencies for the last 15 years), is that they won't spend the money on the "appropriate" personnel and equipment needed to secure anything. They do not see any return on investment, so budgets are shoestring. They only wake up when they themselves are compromised, no matter how many high profile ones appear in the news.

        • Thanks for the supporting experience.

          That's why I think there should be legal and social consequences for data breaches. The public treats IT like it is magic... a black art (as opposed to science), dangerous/volatile, and expected to blow up in your face once-in-awhile. Nobody treats bridges that way--everyone understands you can't cut safety out of a budget for a bridge and that you have to take precautions.

          Businesses don't treat IT failures like they do an oil spill, but they should. It's a spill of
  • Excuse me while I go find a pickup from 1980.

  • As an automotive engineer, I'm frightened by the rapid response to this issue. This isn't Facebook. [forbes.com] When an auto manufacturer "moves fast and breaks things" people get hurt. Every change should go through months of validation before being released to the customer.

    I realize this exploit is a concern. However, is Chrysler sure they haven't introduced a bug with far worse consequences by implementing this change?
    • Wouldn't the best solution just be to remove the entertainment system?
    • I realize this exploit is a concern. However, is Chrysler sure they haven't introduced a bug with far worse consequences by implementing this change?

      Of course not, but they are Doing Something. That counts for quite a bit in our strobed-goldfish attention span media. If they waited six months to fix it, they would just have a bunch of bad publicity. They would look like bad guys. Hopefully, they realize this is a stopgap and will actually go through the motions to fix the the problem.

      Hopefully.

  • Ironic (Score:4, Funny)

    by MrL0G1C ( 867445 ) on Friday July 24, 2015 @12:04PM (#50176011) Journal

    How massively ironic is it that they can't fix these cars remotely when the vulnerability is due to remote hacking.

  • Maybe next time they'll invest a bit more in security before hand.
  • Maybe they should keep the internet the fuck out of my car. All it is is a gimmick to sell ongoing services. It's the same bullshit Microsoft tried to pull with Office 365.
  • This happened because auto-makers think it's OK to remotely communicate with your vehicle at their leisure. They think it's OK to download usage information and other private forms of data from your vehicle without your knowledge. Maybe they're even downloading GPS data, creating profiles out of their customers, and selling it all to a third party. All that said, I don't agree to be a future product and revenue stream for an auto vendor. I value my private data.

    There should not be any listening services

    • There should not be any listening services running on my new car at all.

      no fm radio?

      • Haha, sure the radio is fine. And to head off any future responses about sourcing from the inside out and maintaining a static connection via long-polling, I don't agree to that, either.

        • Haha, sure the radio is fine.

          until they put bogus packets in the amber alerts and break into your car radio

  • There are just some things that don't belong on the internet. Cars are one of those things.
  • by Macdude ( 23507 ) on Friday July 24, 2015 @02:05PM (#50176971)

    Let's hope the people designing self-driving cars think about this situation when they start to implement base-to-vehicle and vehicle-to-vehicle communications and isolate the exterior communications from the vehicle control system.

  • Remember that 90ies joke about software engineers designing cars? How such cars would only run on certain roads, require reboots to fix, etc.?

    Somehow we've entered that alternative reality now...

  • De Tangley home services - our specialist crew will disable and remove all appliance, heating, structure and alarm systems with network connections. Our team use the latest tracking tools to disable the most hard to reach sensors. Guaranteed dumb house back in your control.

    Dumb mot - Clean and service your car. Ensure all network equipped systems disabled. DumbCar certified agent

    Clean payment services - clean simple point of sale systems. Network isolated dumb terminals. No more downtime from network attack

  • Looks like only the ones that have functionality to integrate with cell phone apps:

    2013-2015 MY Dodge Viper specialty vehicles
    2013-2015 Ram 1500, 2500 and 3500 pickups
    2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
    2014-2015 Jeep Grand Cherokee and Cherokee SUVs
    2014-2015 Dodge Durango SUVs
    2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
    2015 Dodge Challenger sports coupes

    I have a uconnect as well but it is not internet enabled (predates the years here)... now I'm glad I cheaped out and bought used, heh

Beware of all enterprises that require new clothes, and not rather a new wearer of clothes. -- Henry David Thoreau

Working...