Fiat Chrysler Recalls 1.4 Million Autos To Fix Remote Hack
swinferno writes: Fiat Chrysler announced today that it's recalling 1.4 million automobiles just days after researchers demonstrated a terrifying hack of a Jeep that was driving down the highway at 70 miles per hour. They are offering a software patch for some of their internet-connected vehicles. Cybersecurity experts Chris Valasek and Charlie Miller have publicly exposed a serious vulnerability that would allow hackers to take remote control of Fiat Chrysler Automobiles (FCA) cars that run its Uconnect internet-accessing software for connected car features.
Despite this, the researchers say automakers are being slow to address security concerns, and are often approaching security in the wrong way.
Too bad (Score:5, Funny)
Approach security the wrong way? No shit! (Score:5, Insightful)
This type of bug should not even be possible. There should be no data connection between the entertainment crap and the actual, important things, like engine control.
And now we hear that they even pull this crap on airplanes - entertainment sections, connected to the internet, are connected to the same switches as engine control - "firewall will stop things!". Fucking idiots.
Re:Approach security the wrong way? No shit! (Score:5, Insightful)
This is only going to get worse with the advent of cars that are capable of driving themselves while still allowing a human to override and take control unless automakers and their suppliers figure out how to sanely allow disparate computer systems to work together without compromising security.
Re: (Score:1)
They put a great deal of effort to have a simple gateway processor talk to the car network instead of the giant 32 bit radio processor directly, lest some bug in a hundred gigantic code pieces broadcast nonsense and crash the network.
But directed hack attacks, well, whodathunk?!?!?
Re: (Score:1)
Except for the part where the various control modules HAVE to talk to each other to work together for things like adaptive suspension and overall vehicle control that need to know about engine speed, requested power output, traction conditions, tire temps/pressures, intended vehicle direction based on steering input, etc. etc. I'd rather my car work cooperatively with itself than the individual modules be required to guess what the others are doing.
Re: (Score:1)
There may be a need for some modules to talk to others as you detail, but they should be minimized.
There is no need for the door locks or lights or navigation system or entertainment system or other ancillary items to output to the modules responsible for the engine running or steering. ( for an autonomous system, any required nav functionality should move "inside" a protected environment that has no ability to have external actors influence it )
Re: (Score:1)
Even that could be abused, as changing the suspension settings could result in a change in ride height, so a malicious program could order the suspension up and down repeatedly. And if you could do it at the harmonic frequency of the vehicle...
Re: (Score:2)
If you don't provide remote access to the car systems, how will systems like OnStar be able to start the car remotely (à la Die Hard 4.0)?
Re: Approach security the wrong way? No shit! (Score:2)
Air con needs to send messages to the engine control unit when the compressor gets activated or you risk stalling the engine.
Entertainment unit controls the aircon
Re: (Score:3)
Did you read who they hire: Harris Corp and similar companies. Those companies are too big and stupid to handle these things and only care about billing out massive amounts for work that is half or not done by the cheapest H-1Bs and outsourced at multiple levels. You have to look for startups or actually hire competent individuals for this kind of work, nothing a good software/hardware/network engineer couldn't do by himself or with a small team.
Re: Approach security the wrong way? No shit! (Score:2)
[citationneeded.jpg]
Re: (Score:1)
Fake out!
Re: (Score:2)
I remember a story about a guy who was said to have claimed that he did that. I don't think we ever actually heard the real truth of it, though.
Re: (Score:2)
The problem today is that the entertainment unit is often tied into the ECU for control and metrics. Look at the Hellcat, most of the tunables (suspension, boost, brakes, even displaying key mode (red and black keys have different performance profiles), as well as the track apps, all of that is on the Uconnect system. They would need to add a completely different display and system to completely isolate the entertainment unit. While I agree this is better, the costs and complexity increase result in eve
Re: (Score:2)
Firewall will stop these things. The problem is them not implementing a firewall. VLAN/Firewalling/Subnetting has been appropriate for ages, it's how the Internet works and we connect some pretty sensitive things to these networks which are typically unreachable even if you had fine hacking skills because they are not routed.
Re: (Score:2)
I have watched enough Top Gear to know that there are plenty of fancy cars (sports cars etc) out there where you use the infotainment system (or at least the screen for the infotainment system) to configure all the various settings for how the car will perform. So on those cars at least, there must be a 2-way link between the infotainment system and the car control systems.
Re: (Score:1)
With wireless, everything's air-gapped.
Shields up!
Re: (Score:2)
Consider the safety network, which has data from the crash sensors, rollover sensors, seatbelt sensors, and seat occupancy sensors, and mixes all of that data together in a set of rules that instantly trigger the correct airbags and seatbelt pre-tensioners. It also needs to connect to the infotainment system to take over the car's data or phone connection to send a message to emergency services. In turn it may also get data from the navigation system to report location information. It may trigger an unloc
Re: (Score:2)
It's so easy to hack CANBUS, and I would assume other similar automotive data buses. Personally I have played around a bit with the CANBUS in my two cars. Using an Arduino, a CANBUS shield and some custom software, I can read and write on the CANBUS with full control. In my two vehicles (both Ford Fusions) I have confirmed via wiring diagrams that there are two CAN buses in the vehicle. One for non-critical elements like locks, windows, radio, climate control, etc., and the other is a higher speed for more
Re: (Score:2)
Your exposition is informative, but it doesn't reach the point of explaining why the access necessary for this sort of remote exploit is necessary for the proper operation of the car. You cannot make a case for that from generalized "it's complicated" arguments.
Re: (Score:2)
Good point. First, IANAAEE (I am not an automotive electrical engineer) so much of this is speculation, but not all of it. I do think small, hardware firewalls ("data diodes") could help prevent a lot of these problems. I also agree with you in that I don't think the direct access is necessary, but I think it might loop around in such a way that the holes end up being present anyway.
Consider: the crash message from the airbag sensors, which is on the high speed engine control bus (ECB) goes to the door
Re: (Score:2)
To follow on from my earlier reply, but with regard to your last sentence specifically: "If they can layer on system security without compromising occupant safety, they will, but not at the expense of crash survivability."
That's a non-sequitur in this case. The correct viewpoint should have been "if they can connect to outside networks without compromising occupant safety, they will, but not at the expense of anyone's safety."
Once you have chosen to make such connections possible, layering on security is no
Obvious Solution! (Score:5, Funny)
Re: (Score:2)
Because you'd have to get all the vehicles in range of a network to distribute the patch, you fucking retard.
http://vzwmap.verizonwireless.com/dotcom/coveragelocator/default.aspx?zip
Re: (Score:2)
TFA from a few days ago said they're on Sprint, not Verizon, but close...
According to this (Score:2)
here... [slashdot.org] You only need the car to receive a radio signal, so could use standard radio stations for the push.. just make a commercial.
Re: (Score:2)
DAB is an out-of-band communication from the audio of the broadcast. The audio of a commercial can't transmit signals in DAB format that the radio would parse.
Really? (Score:3, Interesting)
Re: (Score:3)
I believe them that they were unable due to incompetence to recreate the hack.
Re: (Score:2)
Can you see that dialogue?
"You need to send a 4-digit PIN to control the vehicle now!"
"And when you send the wrong one?"
"Well, then of course you can't control it!"
"And how many tries do I have?"
"What do you mean?"
"After how many tries does it lock you out?"
"It doesn't, what if the driver enters the wrong code? Then he could not access it anymore!"
"And what keeps an attacker from trying codes 'til he guesses the correct one?"
"Erh... can we do that recall thing once more?"
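The gap the dialogue above pokes at is a PIN check with no failure budget. The following is an added example, not code from the page or from FCA: a PIN gate that locks after a few wrong guesses, doubles the lock on every further failure up to a cap, and a small simulation of an attacker who walks the code space one guess per second. The PIN, the limits and the attacker's pace are assumptions chosen for the demonstration.

```python
# Added example (not FCA's code): a PIN check with a failure budget.  A driver
# who fat-fingers the code waits a minute; an attacker who has to guess loses
# the ability to walk the 10,000-code space.  PIN, limits and the attacker's
# one-guess-per-second pace are all assumptions.
import hmac
from typing import Optional, Tuple


class PinGate:
    BASE_LOCK_S = 60      # first lockout length
    MAX_LOCK_S = 3600     # cap, so the driver is never locked out for days

    def __init__(self, pin: str, max_free: Optional[int] = 3) -> None:
        self._pin = pin.encode()
        self.max_free = max_free   # None = the design in the dialogue (never locks)
        self.failures = 0
        self.locked_until = 0      # seconds, same clock as try_pin's now

    def try_pin(self, guess: str, now: int) -> str:
        if now < self.locked_until:
            return "locked"        # not evaluated at all: no oracle while locked
        if hmac.compare_digest(self._pin, guess.encode()):
            self.failures = 0      # a real driver's success resets the budget
            return "ok"
        self.failures += 1
        if self.max_free is not None and self.failures >= self.max_free:
            growth = 2 ** (self.failures - self.max_free)
            self.locked_until = now + min(self.BASE_LOCK_S * growth, self.MAX_LOCK_S)
        return "wrong"


def brute_force_budget(gate: PinGate, window_s: int) -> Tuple[int, bool]:
    """Attacker tries 0000, 0001, ... one per second, resuming the instant a
    lock expires.  Returns (guesses made inside the window, whether the PIN fell)."""
    now, guesses = 0, 0
    while now < window_s and guesses < 10_000:
        result = gate.try_pin(f"{guesses:04d}", now)
        if result == "locked":
            now = gate.locked_until   # wait out the lock, then keep going
            continue
        guesses += 1
        if result == "ok":
            return guesses, True
        now += 1
    return guesses, False


if __name__ == "__main__":
    # Constructed comparison over one day against a PIN the ascending attacker
    # reaches last: lockout versus the never-locks design from the dialogue.
    print("with lockout:   ", brute_force_budget(PinGate("9999"), 86_400))
    print("without lockout:", brute_force_budget(PinGate("9999", max_free=None), 86_400))
```

With the lockout the attacker gets a few dozen guesses per day instead of the whole space in under three hours; the constant-time compare keeps the check itself from leaking how many digits matched.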
Re: (Score:2)
I've got a problem with splitting that particular hair (design).
I'm sure they don't design the things for the wheels to fly off when you're going down the highway at 70, but nobody in their right mind would try to call it NOT a "defect" if that did indeed happen to a vehicle.
The fact that they failed to design in adequate security is a defect in the design.
Where's the hardwired switch? (Score:5, Interesting)
Also could you people please just drive your cars and stop making them a lifestyle?
Re: (Score:2)
hardwired switches are expensive. it's all touch screen or iphone apps nowadays.
Re: (Score:2)
Yeah, they could cost half a buck! That's not in the profit margin for cars!
Re: (Score:2)
No, there is probably a fuse you can pull. Anything with an antenna in a vehicle has its own fuse.
Re: (Score:2)
Yeah, let's pull the fuse of the thing that controls not just your media center but also your brakes, steering and engine.
Re: (Score:2)
Also could you people please just drive your cars and stop making them a lifestyle?
Yes, small children should be driving cars, not admiring them.
Re: (Score:1)
Laptops do not have a hard wired switch, and with some, you can't remove the battery. The only way to know it's off is by letting it run down, but the good old CR2032 will keep everything on 'standby' for you for years :-)
Re: (Score:2)
My Toshiba Satellite has a hard wired switch which disconnects the built-in WiFi antenna.
You have no clue what you're talking about.
Re: (Score:2)
that switch turns off the radio, it doesn't disconnect the antenna
you are the one who doesn't know what they are talking about
Re: (Score:3, Funny)
:-) It turns off the light...
Re: (Score:2)
Even better. The point is that yes, SOME laptops (hint -- not every laptop is a Dull) have a physical hardwired switch to turn off the WiFi (antenna or radio).
Re: (Score:2)
They are generally a software switch though. It's possible to turn the radio back on in software regardless. Also, disconnecting an antenna may still give the unit some range (not quite as much, but probably enough). I've run into issues where the antenna and radio were accidentally disconnected by repair, the thing still worked but had very flaky wifi. Try troubleshooting that.
Re:Where's the hardwired switch? (Score:4, Insightful)
Killing the receiver would disable the entertainment system. I'd agree that's a far better situation than the possibility of disabling my brakes, but a non-techy with a screaming four-year-old who wants to watch Frozen for the 300th time while driving to see grandma might feel differently. The confirmed attack on their eardrums may well be worse than the theoretical attack on their brakes...
That said, one thing that would make sense in terms of a physical lockout is firmware updates. The attack required rewriting the firmware on the radio in order to enable sending arbitrary commands over to the CAN bus. Not unlike the write-protect jumper for a BIOS update on a motherboard, it would make sense to have a physical jumper be installed before writes to any EEPROM / flash in a car would be possible.
Most writable chips I've seen have a physical pin that's required to be connected to power or else it's impossible to write to them, regardless of whatever software flaws might cause valid write commands to be sent to the chip. Ship that disabled by default, and have an access panel or something when field upgrades are necessary. Better than a jumper, maybe a momentary contact button that you have to physically hold down for the upgrade to succeed?
As far as design goes, it seems like the design included a "simple" network interface chip that was designed to moderate access to the CAN from the more advanced software running on the radio / display. Why was that chip even field upgradable? If your goal is to have a limited, controlled interface between two systems moderated by some kind of microcontroller, FFS make that uC read-only mask ROM!
I'm also inclined to wonder whether there was zero signature checking on firmware updates or whether the attack exploited a flaw in whatever checking there was. My guess would be no checking at all...
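What the two controls argued for in the comment above look like in code, as an added example that is not FCA's code and not from the page: an update-acceptance gate for a gateway microcontroller that refuses to touch flash unless a physical write-enable input is asserted and the whole image authenticates first. HMAC-SHA256 under a per-device key stands in for the signature check so the example runs on the Python standard library alone; a real design would verify an asymmetric signature, so that the key held in the ECU can verify but never sign. The header layout, magic value and the anti-rollback rule are assumptions.

```python
# Added example (not FCA's code): acceptance gate a gateway microcontroller
# could run before rewriting its own flash.  Physical write-enable first, then
# structural checks, then authentication of header+payload, then version.
# HMAC-SHA256 stands in for an asymmetric signature; header layout is assumed.
import hashlib
import hmac
import struct

MAGIC = b"GWFW"
HDR = struct.Struct(">4sII")   # magic, version, payload length
TAG_LEN = 32                   # HMAC-SHA256 output length


def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    """What the legitimate build server emits: header || payload || tag."""
    body = HDR.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class GatewayFlash:
    def __init__(self, key: bytes, installed_version: int) -> None:
        self.key = key
        self.version = installed_version
        self.image = b""
        self.write_enable = False   # models the jumper / held-down button

    def apply_update(self, image: bytes) -> str:
        # 1. Physical gate: with the input de-asserted nothing else matters,
        #    however the request arrived (CAN, cellular, Wi-Fi).
        if not self.write_enable:
            return "rejected: write-enable not asserted"
        # 2. Structural checks before trusting any header field.
        if len(image) < HDR.size + TAG_LEN:
            return "rejected: truncated"
        magic, version, length = HDR.unpack_from(image)
        if magic != MAGIC:
            return "rejected: bad magic"
        if len(image) != HDR.size + length + TAG_LEN:
            return "rejected: length mismatch"
        # 3. Authenticate header and payload together, constant-time compare.
        body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"
        # 4. Only now is the version field trustworthy; refuse downgrades so a
        #    genuine but older, vulnerable image cannot be reinstalled.
        if version <= self.version:
            return "rejected: rollback"
        self.image = image[HDR.size:HDR.size + length]
        self.version = version
        return "applied"


if __name__ == "__main__":
    # Constructed demo: the same image is refused with the input de-asserted
    # and accepted once it is held, while a one-byte change fails the tag.
    key = b"\x11" * 32
    dev = GatewayFlash(key, installed_version=3)
    good = build_image(key, 4, b"\xa5" * 64)
    print(dev.apply_update(good))
    dev.write_enable = True
    print(dev.apply_update(good[:20] + bytes([good[20] ^ 0xFF]) + good[21:]))
    print(dev.apply_update(good), dev.version)
```

The ordering matters: the length field is read before the tag is checked, but nothing is written until the tag over header and payload verifies, so a forged length or version cannot do more than cause a rejection.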
Re: (Score:2)
I'm glad I drive a small, basic pickup truck, not subject to any of this nonsense..
so your vehicle somehow by magic avoids accidents with other vehicles? wow!
Re: (Score:2)
so your vehicle somehow by magic avoids accidents with other vehicles?
Yes: The magic of 'being a competent driver'. In over 30 years of driving cars and riding motorcycles I've only ever been in one accident that was my fault, and there were mitigating circumstances even in that case. Just because some drivers and riders are accident-prone doesn't mean all drivers and riders are accident-prone.
Re:Where's the hardwired switch? (Score:5, Funny)
The car is technically always on because you can start it using a phone app.
me, you, the guy down the street, we can all start your car with a phone app, apparently.
Re: (Score:2)
Had a conversation with a German acquaintance, and he basically said that driving in Europe vs. driving in the US could be summed up in one simple thing: cup holders. In Europe, when you're driving, you're DRIVING.
My car was originally sold in Germany, it has that weird German brake light and MANY cup holders.
Re:Where's the hardwired switch? (Score:5, Funny)
Sheesh. EVERY car needs cup holders! Where else are you supposed to put your beer?
Re: (Score:2)
Sheesh. EVERY car needs cup holders! Where else are you supposed to put your beer?
Jokes aside, THIS.
Cup holders are essential. I can live without Twitbook integration, voice activation, in-car DVD and all that other bollocks but cup holders are a basic need in an automobile.
If you're going for a long drive, you'll need a bottle of water and this sits in a cup holder. Same with transporting a drink from where you buy it to where you drink it. Especially if it's in a cup instead of a bottle.
Re: (Score:2)
Actually, automakers are well aware of the importance of cupholders.
http://wardsauto.com/news-amp-... [wardsauto.com]
http://www.thetruthaboutcars.c... [thetruthaboutcars.com]
Re: (Score:2)
Want a more adventuresome automotive experience? Go to India. During the three weeks I was there, our driver's car was struck more times by more vehicles and pedestrians than I've seen in my 35 years of driving in the US.
The drivers are worse than you can imagine. "Keep left" is more of a guideline than an actually obeyed rule; "keep center" seems to be the observed behavior. The few traffic police I saw were standing in small gazebo-like boxes in intersections - they were not driving interceptors or sq
tip of the iceberg (Score:5, Insightful)
It is becoming increasingly obvious to me that we have no idea how to secure information systems.
It's this kind of stuff that scares the crap out of people and there is no end in sight. As a matter of fact, this is only going to get worse as we migrate to an IoT.
I sometimes wonder if the technology bubble will someday be crushed under the weight of exploitation. A victim of its own complexity and insecurity.
Re: (Score:2)
Oh we know how, it requires time and thought.
Now the ECM should be able to send things to the BCM and infotainment gear. The reverse should be very limited, pretty much remote start, and that should be thoroughly checked for sanity. Old school would be serial in one direction; yeah, there are some hardware hacks, but not that problematic.
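An added example of the one-way, sanity-checked boundary described in the comment above (and of the "firewall" several earlier comments ask for); this is not FCA's code and not from the page. It is an allow-list gateway between the infotainment/body CAN bus and the powertrain bus: frames headed toward the powertrain pass only if their ID is on a short list, the payload has the expected length and plausible values, and the ID is not being sent faster than its function needs. Every CAN ID and byte layout here is hypothetical, and the two permitted messages (remote start, air-con compressor request) are the ones the thread itself names as legitimately crossing the boundary.

```python
# Added example (not FCA's code): default-deny CAN gateway, body/infotainment
# side -> powertrain side.  Hypothetical IDs and payload layouts throughout.
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass(frozen=True)
class Frame:
    can_id: int   # 11-bit arbitration ID
    data: bytes   # 0..8 payload bytes


@dataclass(frozen=True)
class Rule:
    dlc: int                          # exact payload length the function uses
    min_interval_ms: int              # slowest rate that still serves the function
    check: Callable[[bytes], bool]    # semantic sanity check on the payload


# Hypothetical IDs.  Steering, braking and throttle IDs are simply absent:
# nothing from this direction is ever allowed to address them.
REMOTE_START_REQ = 0x3A0
AC_COMPRESSOR_REQ = 0x3A1


def remote_start_ok(d: bytes) -> bool:
    # byte 0: 0x01 = start, 0x02 = stop; byte 1: rolling counter (any value)
    return d[0] in (0x01, 0x02)


def ac_compressor_ok(d: bytes) -> bool:
    # byte 0: compressor on/off flag; byte 1: requested load in percent
    return d[0] in (0, 1) and d[1] <= 100


INFOTAINMENT_TO_POWERTRAIN: Dict[int, Rule] = {
    REMOTE_START_REQ: Rule(dlc=2, min_interval_ms=5000, check=remote_start_ok),
    AC_COMPRESSOR_REQ: Rule(dlc=2, min_interval_ms=100, check=ac_compressor_ok),
}


class Gateway:
    def __init__(self, rules: Dict[int, Rule]) -> None:
        self.rules = rules
        self.last_pass_ms: Dict[int, int] = {}
        self.dropped = {"not_allowed": 0, "bad_dlc": 0, "bad_value": 0, "rate_limit": 0}

    def to_powertrain(self, frame: Frame, now_ms: int) -> Optional[Frame]:
        """Return the frame to forward, or None if it must be dropped."""
        rule = self.rules.get(frame.can_id)
        if rule is None:                      # default deny: unknown ID
            self.dropped["not_allowed"] += 1
            return None
        if len(frame.data) != rule.dlc:       # wrong length: malformed or spoofed
            self.dropped["bad_dlc"] += 1
            return None
        if not rule.check(frame.data):        # well-formed but implausible
            self.dropped["bad_value"] += 1
            return None
        last = self.last_pass_ms.get(frame.can_id)
        if last is not None and now_ms - last < rule.min_interval_ms:
            self.dropped["rate_limit"] += 1   # a flood cannot hammer the ECM
            return None
        self.last_pass_ms[frame.can_id] = now_ms
        return frame


def demo() -> Dict[str, int]:
    """Constructed traffic: two legitimate requests, then what a compromised
    head unit would try.  Returns the gateway's drop counters."""
    gw = Gateway(INFOTAINMENT_TO_POWERTRAIN)
    traffic = [
        (0,   Frame(AC_COMPRESSOR_REQ, b"\x01\x32")),                  # on, 50 %
        (10,  Frame(REMOTE_START_REQ, b"\x01\x07")),                   # start
        (20,  Frame(0x2C0, b"\x00\x00\x7f\xff\x00\x00\x00\x00")),      # steering ID (hypothetical)
        (30,  Frame(REMOTE_START_REQ, b"\x01\x08")),                   # replay inside 5 s
        (40,  Frame(AC_COMPRESSOR_REQ, b"\x01\x32\x00")),              # wrong length
        (200, Frame(AC_COMPRESSOR_REQ, b"\x01\xff")),                  # 255 % load
    ]
    for t, f in traffic:
        gw.to_powertrain(f, t)
    return gw.dropped


if __name__ == "__main__":
    print(demo())
```

The reverse direction (ECM to infotainment) needs no such list, since read-only telemetry cannot drive the car; the whole point is that the allow-list is the only path back, and a radio that has been fully reflashed still cannot emit anything the gateway does not already expect.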
Re: (Score:3, Insightful)
It is becoming increasingly obvious to me that we have no idea how to secure information systems.
It's this kind of stuff that scares the crap out of people and there is no end in sight. As a matter of fact, this is only going to get worse as we migrate to an IoT.
I sometimes wonder if the technology bubble will someday be crushed under the weight of exploitation. A victim of its own complexity and insecurity.
Yep no one cares. Rather than just the potential murder of an annoying journalist few people know about or care about, it's probably going to take some complete ahole(s) with an exploit like this causing the first mass cyber fatality incident before anything really gets done and your average person cares.
Re:tip of the iceberg (Score:5, Informative)
I know of a college's root password stored in plain text file on a PUBLICLY accessible url so "new computers can install ghost copies quicker." I know of companies actually using "password" for their password. I know companies that deny access to copy-and-paste on remote desktop, refuse to use e-mail because it's insecure, but are fine with me using a domain administrator account to do my work.
There are two reasons businesses don't care about security. 1) They're not afraid, and people and the laws should make them afraid so it becomes cost-effective to care. 2) The IT field is full of bullshitters, so even when people do hire IT, they assume the guy they hire understands security. When most companies only need one IT guy, they have no experienced guy on hand to tell them if the guy is full of crap. I'm a software developer and I had to teach one admin how Kerberos authentication works and how to resolve issues with it, and another thought that intranet IP addresses were somehow accessible from the web.
However, with the IoT, the situation is much darker. The IoT is a movement. If it cannot get good market penetration fast, it dies out. So people know that IoT is inherently dangerous but they don't have the time and resources to make them secure and solve those problems, so they bank on, and hope for, that nobody ever notices so they can sell enough of their products to keep the market going. People buy features, but security only matters if someone finds out.
The IoT is the NSA's wet dream. Why spy on Americans when you can willingly get them to sign a EULA that lets their Smart TV keep the microphone on 24/7? (This has already happened.) And worse still, if the NSA can do it, so can any government. And people are so stupid they're willingly giving up their privacy just so they can "keep up with the tech Joneses" for a gadget that doesn't even improve their lives in any significant way.
Re: (Score:3)
We have absolutely every idea of how to secure IT systems. Nobody wants to freaking listen.
Sure we do. How many times has amazon been hacked into? Zero. Apparently they know how to do it, and do it well. So you start out with a 100% bogus assertion and it just goes downhill from there.
Re: (Score:2)
1) Cost
2) Convenience
People want Cheap and Easy. They want those far more than they want Secure, so when it comes to the "pick any two" moment, that's the way they go, and come up with ways to justify it. People, and companies, tend to do this up until the point that they are forced to compromise because the lack of Security has bit them hard enough in the ass.
Re: (Score:2)
The biggest problem I have run into (as a Security consultant for state local and federal agencies for the last 15 years), is that they won't spend the money on the "appropriate" personnel and equipment needed to secure anything. They do not see any return on investment, so budgets are shoestring. They only wake up when they themselves are compromised, no matter how many high profile ones appear in the news.
Re: (Score:2)
That's why I think there should be legal and social consequences for data breaches. The public treats IT like it is magic... a black art (as opposed to science), dangerous/volatile, and expected to blow up in your face once-in-awhile. Nobody treats bridges that way--everyone understands you can't cut safety out of a budget for a bridge and that you have to take precautions.
Businesses don't treat IT failures like they do an oil spill, but they should. It's a spill of
The Internet of Vulnerable Things (Score:2)
Excuse me while I go find a pickup from 1980.
Re: (Score:2)
Excuse me while I go find a pickup from 1980.
hey baby, wanna disco?
Re: (Score:2)
Are you a ticket? Cause you got "fine," written all over you!
Slow Response? (Score:2)
I realize this exploit is a concern. However, is Chrysler sure they haven't introduced a bug with far worse consequences by implementing this change?
Re: (Score:2)
I realize this exploit is a concern. However, is Chrysler sure they haven't introduced a bug with far worse consequences by implementing this change?
Of course not, but they are Doing Something. That counts for quite a bit in our strobed-goldfish attention span media. If they waited six months to fix it, they would just have a bunch of bad publicity. They would look like bad guys. Hopefully, they realize this is a stopgap and will actually go through the motions to fix the problem.
Hopefully.
Re: (Score:1)
The 'how could it be worse' would be something like the Toyota incident from a few years back where people claimed the drive-by-wire accelerator malfunctioned.
It would be good to know the content of their quick patches; I would assume that a quick patch of this type would just be disabling networking links to drive train capabilities, but considering how criminally stupid the development team (or more likely the product management for the dev team) has been thus far, who knows what they are doing; maybe c
Ironic (Score:4, Funny)
How massively ironic is it that they can't fix these cars remotely when the vulnerability is due to remote hacking.
Bet that's gonna cost a bit (Score:1)
I have an idea (Score:2)
The water is getting warmer, frogs (Score:2)
This happened because auto-makers think it's OK to remotely communicate with your vehicle at their leisure. They think it's OK to download usage information and other private forms of data from your vehicle without your knowledge. Maybe they're even downloading GPS data, creating profiles out of their customers, and selling it all to a third party. All that said, I don't agree to be a future product and revenue stream for an auto vendor. I value my private data.
There should not be any listening services running on my new car at all.
Re: (Score:2)
There should not be any listening services running on my new car at all.
no fm radio?
Re: (Score:2)
Haha, sure the radio is fine. And to head off any future responses about sourcing from the inside out and maintaining a static connection via long-polling, I don't agree to that, either.
Re: (Score:2)
Haha, sure the radio is fine.
until they put bogus packets in the amber alerts and break into your car radio
Dumb. (Score:1)
Re: (Score:2)
Buses, on the other hand, are going to be much harder to remove.
Security for self-driving cars (Score:3)
Let's hope the people designing self-driving cars think about this situation when they start to implement base-to-vehicle and vehicle-to-vehicle communications and isolate the exterior communications from the vehicle control system.
Rise of the new generation of engineers (Score:2)
Remember that '90s joke about software engineers designing cars? How such cars would only run on certain roads, require reboots to fix, etc.?
Somehow we've entered that alternative reality now...
New business opportunities for 2020 (Score:1)
De Tangley home services - our specialist crew will disable and remove all appliance, heating, structure and alarm systems with network connections. Our team use the latest tracking tools to disable the most hard to reach sensors. Guaranteed dumb house back in your control.
Dumb mot - Clean and service your car. Ensure all network equipped systems disabled. DumbCar certified agent
Clean payment services - clean simple point of sale systems. Network isolated dumb terminals. No more downtime from network attack
List of Cars Affected (Score:2)
Looks like only the ones that have functionality to integrate with cell phone apps:
2013-2015 MY Dodge Viper specialty vehicles
2013-2015 Ram 1500, 2500 and 3500 pickups
2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
2014-2015 Jeep Grand Cherokee and Cherokee SUVs
2014-2015 Dodge Durango SUVs
2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
2015 Dodge Challenger sports coupes
I have a uconnect as well but it is not internet enabled (predates the years here)... now I'm glad I cheaped out and bought used, heh
Re:Get rid of the computer controls... (Score:5, Interesting)
Dare I suggest that we build cars without computers controlling things the driver should have been taught to properly manage anyway, and then actually teach people how to drive?
sure, if you want lots more death on the highway
this technology that you hate has saved many hundreds of thousands of lives
https://en.wikipedia.org/wiki/List_of_motor_vehicle_deaths_in_U.S._by_year
see how the death rate drops dramatically when these features you hate are implemented
Re: (Score:2)
Yes, but only because those drivers haven't been taught proper driving skills in the first place...
ONLY?? ONLY??? Then WHY did they go down in Germany, too, where people ARE taught proper driving skills in the first place???
https://www.destatis.de/EN/FactsFigures/EconomicSectors/TransportTraffic/TrafficAccidents/Tables_/RoadTrafficAccidents.html
trust me
why? you are a proven liar
Re: (Score:3)
all of your friends, apparently
Re: (Score:3)
You forgot "Hey you kids, get off of my lawn!"
Cruise control (Score:5, Insightful)
I installed cruise control on my otherwise primitive '65 Chevy station wagon. Loved it. I'm hard pressed to think of a drawback of cruise control.
But then I would say exactly the same thing about ABS.
The rest...I agree with you. Oh, except for electronic ignition -- my car starting problems disappeared when I started owning cars with electronic ignitions.
And I'm kinda fond of those lights that come on automatically. Not the ones that are always on, but the ones that can tell when it is a little too dark. Like when you go in a tunnel. I positively love that.
Oh, and automatic overdrive, "torque lockout" and the 3-way catalytic converters.
But yeah, old cars, that weigh twice as much as new cars, are the best! Trucks that ride like trucks? Man I miss those. My crap 2002 GMC Sierra, with that high strength steel? Too car-like for me. Who needs comfort? I want the smell of oil and the bounce of a bench seat.
Oh, and the rear-view mirror that shows the outside temperature and the letters I-C-E when it is near freezing? I hardly ever use that. Mind you, when it does get near freezing I kind of appreciate knowing there might be black ice.
But the compass direction indicator is a bit much. Except when I'm driving on an unfamiliar road, at night, in the rain.
So, yeah, you're right. Who needs anything better than a model T? Well, except for the time that hand crank broke my wrist...
Re: (Score:2)
I am still trying to figure out why all of those things that you mention require a remote connection or need to be tied in to the "entertainment" system. There should be zero possibility that "remote" commands could be sent to any of those systems. I would go so far as to say those circuits should all be encased in a faraday cage to prevent the circuits themselves from acting like an antenna.
For myself, I am pretty happy with many of the advances; however, I have had issues with drive-by-wire throttles and
Re: (Score:2)
All of them, once car makers catch on to SAAS.
Re: (Score:2)
There is nothing wrong with the Wrangler, or Grand Cherokee, both of which use the same Uconnect system, so they are potentially vulnerable as well. Same goes for any Dodge, say the Viper, Hellcat Chargers and Challengers. With the exception of the Challenger, the rest are decent to great cars (I hate it for some reason).
Re: (Score:2)
Don't let these two guys ANYWHERE near your Jeep and they can't install their shit.
Sorry, but they don't need to [wired.com]