Hackers successfully manage to remotely kill a Jeep Cherokee a Wired author was testing for them - Polidicks

[url]http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/[/url] [quote=Wired]I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold. Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass. As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car’s digital display: Charlie Miller and Chris Valasek, wearing their trademark track suits. A nice touch, I thought.[/quote]

I have a 2015 Charger that has this. I hope they release a fix soon. Edit: A fix was released today...

This type of thing is a known flaw with any car connected to the internet. IIRC, a few years ago someone was able to kill a cars engine, and disable emergency brakes from about five miles away.

This is why I hate modern vehicles. Computerization has gone way too far. Not only is it making vehicles more vulnerable to attacks, but it's also making it more and more difficult to modify vehicles without messing up something completely unrelated.

Why are car computers even able to do such things? The part facing the internet should have no connection at all to the internal computer.

[QUOTE=Darkwater124;48261968]Why are car computers even able to do such things? The part facing the internet should have no connection at all to the internal computer.[/QUOTE] Convenience

I honestly have 0 want for a computer in my car. Give me a way to charge my phone and bam, I've got everything a car computer could offer me. Pandora? Auxillary cord. GPS? Google maps. etc.

[vid]http://dp8hsntg6do36.cloudfront.net/55ad80d461646d4db7000005/531bc5de-3185-49d1-ae1d-2e4acb580efelow.webm[/vid]

Unrelated but nice Fear and Loathing Reference in the first sentence of the article. I find computer devices way too distracting in the front of the car. Too much shit to focus on.

[QUOTE=KillerJaguar;48262008]Convenience[/QUOTE] Won't be "convenience" anymore if and hopefully not when someone dies in a wreck caused remotely.

[QUOTE=wickedplayer494;48262076]Won't be "convenience" anymore if and hopefully not when someone dies in a wreck caused remotely.[/QUOTE] Convenience comes at the cost of security. Most people will opt for convenience over security. That's why you have gaping security problems like people sticky noting their passwords to their monitors.

[QUOTE=Silence I Kill You;48261966]This is why I hate modern vehicles. Computerization has gone way too far. Not only is it making vehicles more vulnerable to attacks, but it's also making it more and more difficult to modify vehicles without messing up something completely unrelated.[/QUOTE] This has nothing to do with computers being in cars and everything to do with the idiots who designed how they were put in some of these cars.

[QUOTE=KillerJaguar;48262104]Convenience comes at the cost of security. Most people will opt for convenience over security. That's why you have gaping security problems like people sticky noting their passwords to their monitors.[/QUOTE] Should an entertainment system really need to be hooked up to the damn transmission of all things and kill it? No. The most it should really have access to is the screen and the FM receiver, that's it.

Isn't this from the remote start where you can turn your engine, AC, sound etc on remotely? If you let the car get turned on from a distance it stands to reason someone can turn it off.

Who thought that connecting every function to the computer would be a good idea? [QUOTE=Darkwater124;48261968]Why are car computers even able to do such things? The part facing the internet should have no connection at all to the internal computer.[/QUOTE] [QUOTE=Silence I Kill You;48261966]This is why I hate modern vehicles. Computerization has gone way too far. Not only is it making vehicles more vulnerable to attacks, but it's also making it more and more difficult to modify vehicles without messing up something completely unrelated.[/QUOTE] It's [URL="http://media.giphy.com/media/1230rTAtEjLyLu/giphy.gif"][I]the future.[/I] [/URL]

No wonder Tesla has such high bounty for bugs and a hall of fame the bug hunters.

[QUOTE=plunger435;48262175]Isn't this from the remote start where you can turn your engine, AC, sound etc on remotely? If you let the car get turned on from a distance it stands to reason someone can turn it off.[/QUOTE] No. This is from the entertainment system, which is connected via internet to things like the manufacturer, map services, entertainment services, etc. The problem in this situation is that instead of leaving the entertainment system as it's own separate system, they connected it to the vehicle's CANbus system, which is connected directly to the ECU, which controls everything on the vehicle instead of just the engine. See, instead of isolating the engine and driving specific systems to the ECU, manufacturers now like to tie in all types of other systems into ECU that have nothing to do with the engine or driving. When this happens, and it's an internet based system, you're opening yourself up to this type of attack. You know how Teslas have all of their vehicle controls going through that nice computer in the dash, and how they can remotely access your car? Well, you've just opened yourself up to this type of hacking. I'm not saying it's the end of the world, just that it's going to happen with the way they are currently doing things.

I still can't understand how on earth every knob and switch is reprogrammable on cars, let alone connected to the remote systems

[QUOTE=Sableye;48262272]I still can't understand how on earth every knob and switch is reprogrammable on cars, let alone connected to the remote systems[/QUOTE] Probably the same solid state switching technology that Racepak uses in it's Smartwire race car electrical module. It's not manual switches, but just potentiometers that go into a computer which assigns their function and limits. [URL="http://www.racepaksmartwire.com/"]http://www.racepaksmartwire.com/[/URL]

almost every car maker that has a connection to the internet in their car has this problem. Nothing will be done about it until someone dies from this.

Okay, as a professional security researcher, these "hackers" seriously piss me off. Did they [I]really[/I] have to test this on a public road at 70 mph? Did they really have to obscure the drivers vision AND disconnect them from any audio sensory from the outside world (blasting music)? Not only that, but they did this on a section of the highway with no shoulder. Trucks going at 70 mph take a [B]long time to stop[/B]. If the 18-wheeler hadn't seen him in time, was at all distracted or anything, he may have had to swerve or do an emergency stop and people could have been seriously injured in resulting crashes. This kind of attitude is what encourages lawmakers to make it harder for researchers to actually solve security problems in a responsible manner. Can you imagine the headlines if some people had gotten killed in this stunt?

[QUOTE=acidcj;48262582]Okay, as a professional security researcher, these "hackers" seriously piss me off. Did they [I]really[/I] have to test this on a public road at 70 mph? Did they really have to obscure the drivers vision AND disconnect them from any audio sensory from the outside world (blasting music)? Not only that, but they did this on a section of the highway with no shoulder. Trucks going at 70 mph take a [B]long time to stop[/B]. If the 18-wheeler hadn't seen him in time, was at all distracted or anything, he may have had to swerve or do an emergency stop and people could have been seriously injured in resulting crashes. This kind of attitude is what encourages lawmakers to make it harder for researchers to actually solve security problems in a responsible manner. Can you imagine the headlines if some people had gotten killed in this stunt?[/QUOTE] I know what you mean. It's like that one "Heroic white hat hacker" that decided to try fiddling with an airplane inflight, making oblivious tweets, and actively refusing to cooperate with the investigation afterwards.

[QUOTE=plunger435;48262175]Isn't this from the remote start where you can turn your engine, AC, sound etc on remotely?[/QUOTE] Why the fuck would anyone besides Batman need to do this

Why the hell are they doing this on a public road? Do it on a test track or something.

[QUOTE=acidcj;48262582]Okay, as a professional security researcher, these "hackers" seriously piss me off. Did they [I]really[/I] have to test this on a public road at 70 mph? Did they really have to obscure the drivers vision AND disconnect them from any audio sensory from the outside world (blasting music)? Not only that, but they did this on a section of the highway with no shoulder. Trucks going at 70 mph take a [B]long time to stop[/B]. If the 18-wheeler hadn't seen him in time, was at all distracted or anything, he may have had to swerve or do an emergency stop and people could have been seriously injured in resulting crashes. This kind of attitude is what encourages lawmakers to make it harder for researchers to actually solve security problems in a responsible manner. Can you imagine the headlines if some people had gotten killed in this stunt?[/QUOTE] Because this type of test brings the results from "I think I remember a few years ago...", to "Dude, a few years ago this happened!". Why? Because it doesn't just say "this could happen while you're driving", it PROVES it could happen while you're driving. I do disagree with the timing and such, and the roadway having no shoulder for the guy to exit onto, but this is what it takes nowadays for people to pay attention and for things to not get swept under the rug.

[QUOTE=Silence I Kill You;48262693]Because this type of test brings the results from "I think I remember a few years ago...", to "Dude, a few years ago this happened!". Why? Because it doesn't just say "this could happen while you're driving", it PROVES it could happen while you're driving. I do disagree with the timing and such, and the roadway having no shoulder for the guy to exit onto, but this is what it takes nowadays for people to pay attention and for things to not get swept under the rug.[/QUOTE] Okay, but the attitude with which the hackers approached this was totally inappropriate. If exposure is the issue, let's arrest Beavis and Butthead—that'll give this whole incident a lot more attention.

[QUOTE=acidcj;48262745]Okay, but the attitude with which the hackers approached this was totally inappropriate. If exposure is the issue, let's arrest Beavis and Butthead—that'll give this whole incident a lot more attention.[/QUOTE] I'm not saying it's right, and I do agree with you, but that's most likely the reason why, along with trying to dispel "it's fake" people.

[QUOTE=Helix Snake;48262662]Why the fuck would anyone besides Batman need to do this[/QUOTE] AC for cooling your car whilst your gone (or doing it right before you're leaving), and turning on your car for heating it?

Kinda unrelated but this reminded me of Michael Hastings. Makes me wonder if there is any truth to the conspiracy theories that his car was hacked.

[QUOTE=Helix Snake;48262662]Why the fuck would anyone besides Batman need to do this[/QUOTE] During some heavy snow I imagine it'd be pretty handy to be able to start your car and turn on the heat before you actually head out. Same would go for cooling it down during the summer.