Hacking Vehicles

NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
Hackers Remotely Kill a Jeep on the Highway

Does this make anyone else with UConnect in their vehicle worried?

Comments

  • scaredoftestsscaredoftests Security +, ITIL Foundation, MPT, EPO, ACAS, HTL behind youMod Posts: 2,781 Mod
    I think I would disconnect Uconnect if ever I get a car. Jeep didn't listen to the WhiteHats. I love technology, but leave the car alone.icon_exclaim.gificon_exclaim.gificon_exclaim.gif
    Never let your fear decide your fate....
  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    I WAS DRIVING 70 mph on the edge of downtown St. Louis when the exploit began to take hold.

    Why the hell was this being done on a public highway? I know it's more dramatic but I find it irresponsible.
  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAMember Posts: 5,738 ■■■■■■■■■■
    @tpatt100: You're not the only one: Wired Jeep hack: Don't let stunt storytelling eclipse the message - Fortune.

    I'm shocked they did this.
    Currently working on: Linux and Python
  • SoCalGuy858SoCalGuy858 CISSP, GCIH, GSEC, Project+ The TriangleMember Posts: 150 ■■■□□□□□□□
    My company is keeping an eye on this, along with the rest of the IoT world... It'll be interesting to see how this pans out, especially new legislation that may come of it.
    LinkedIn - Just mention you're from TE!
  • scaredoftestsscaredoftests Security +, ITIL Foundation, MPT, EPO, ACAS, HTL behind youMod Posts: 2,781 Mod
    Oh no..not legislation! icon_rolleyes.gif
    Never let your fear decide your fate....
  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAMember Posts: 5,738 ■■■■■■■■■■
    Because a law fixes everything... icon_confused.gif
    Currently working on: Linux and Python
  • SoCalGuy858SoCalGuy858 CISSP, GCIH, GSEC, Project+ The TriangleMember Posts: 150 ■■■□□□□□□□
    Our government seems to think so... :)

    EDIT: http://www.wired.com/2015/07/senate-bill-seeks-standards-cars-defenses-hackers

    Woohoo, laws! icon_rolleyes.gif
    LinkedIn - Just mention you're from TE!
  • scaredoftestsscaredoftests Security +, ITIL Foundation, MPT, EPO, ACAS, HTL behind youMod Posts: 2,781 Mod
    or how about a study? LOL
    Never let your fear decide your fate....
  • SoCalGuy858SoCalGuy858 CISSP, GCIH, GSEC, Project+ The TriangleMember Posts: 150 ■■■□□□□□□□
  • scaredoftestsscaredoftests Security +, ITIL Foundation, MPT, EPO, ACAS, HTL behind youMod Posts: 2,781 Mod
    LOLicon_rolleyes.gificon_lol.gif
    Never let your fear decide your fate....
  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    Well vehicles have been recalled, I think some legislation from a consumer protection perspective would be useful. Like maybe requiring some basic security planning like keeping the entertainment center with internet connectivity isolated from the stuff that can make you crash.

    Fiat Chrysler recalls 1.4 million cars over remote hack vulnerability
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    It also says if you don't pay the monthly fee for the extra features you can't get hacked this way... Those Uconnect features don't really seem to be worth the $15/month they were asking for them anyways. To me at least. Just bought a new Dodge Durango last year.

    It was kind of nice to be able to play Pandora directly from the vehicle during my free trial period though.
  • TheFORCETheFORCE Senior Member Member Posts: 2,298 ■■■■■■■■□□
    Ah the IoT the next frontier of Infosec and another avenue for hackers to steal our stuff.
    After many years of internet and software development i would expect IoT to be build a bit more securely! This is not acceptable really.
  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    The whole thing sounds like it was being developed with an "OnStar or Satellite radio" perspective and ignored the trend of people just using their smartphones in their cars with bluetooth or just the auxiliary port. If people are already paying for the phone plans it makes more sense to go with Android Car or Apple CarPlay.
  • aftereffectoraftereffector Member Posts: 525
    I can't believe that the journalists and the exploit developers chose to do a live test of the exploit on a public road. That was extremely irresponsible, in my opinion, and really detracts from the message that they were trying to get out. If they want to lead with the attention-grabbing "70mph" anecdote, fine, but do it at a track, not on a public highway! We have enough problems without people like Chris Roberts and these researchers convincing the average news article consumer that pen testers are irresponsible hackers trying to break live production systems for lulz or glory.

    As far as the exploit, yes, I am worried about it. I'm also worried about Ford Sync and other networked entertainment systems... I seriously doubt that Uconnect is the only system that is exploitable. We just don't know about the other ones (yet).
    CCIE Security - this one might take a while...
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,917 Mod
    First thing I did when I bought my car was disable the On-star like system. Call me old fashioned but I don't want over-the-air nothing in my cars. One of the multiple reasons I could never own a Tesla.
  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    cyberguypr wrote: »
    First thing I did when I bought my car was disable the On-star like system. Call me old fashioned but I don't want over-the-air nothing in my cars. One of the multiple reasons I could never own a Tesla.

    The "Galactica" defense lol
  • MTciscoguyMTciscoguy Member Posts: 552
    One reason we have seen this technology grow is because it saves the companies a lot of money, when they have to do a software upgrade on a vehicle line, it can be sent to the car and downloaded and installed with no intervention from a auto technician or a shop, they claim it will save the customer money? With everything I have seen in my life, I will never allow my car to be hooked up to a cell network or the internet, not going to happen.
    Current Lab: 4 C2950 WS, 1 C2950G EI, 3 1841, 2 2503, Various Modules, Parts and Pieces. Dell Power Edge 1850, Dell Power Edge 1950.
Sign In or Register to comment.