With internet access, digital security connected car is a new concern for automakers. And two hackers will not rest until the automakers do not improve the systems: Charlie Miller and Chris Valasek. In a report with video published in US magazine’s website “Wired” on Tuesday (21), both invaded and controlled a Jeep Cherokee in 2014, which was directed by journalist Andy Greenberg, on a highway kilometers away .
With hackers in a house, the experiment showed that it is possible to give commands in comfort systems such as radio and air conditioning, but also for the brakes, throttle, transmission and steering the vehicle. Watch the video (in English) in Wired
The system invaded by hackers, the Uconnect, team cars of all Chrysler Group Fiat (FCA), including Fiat -. In the case, the 500L, model is not sold in Brazil.
When contacted by G1 , Chrysler’s Uconnect Brazil says with internet access is not offered outside the United States. The version that team cars sold in Brazil, including the Jeep Renegade, is simpler and does not have internet access.
months ago, Miller and Valasek informed the FCA about the breach and an update was developed for the system, which must be installed by the owners of the models at risk.
By far
In 2013, Miller and Valasek did a similar test with Greenberg, but the two were in the car, connected to the system via wire plugged into a serial port. Now, they show that you can do this online, kilometers away from the car.
According to the report the journalist, until the time when they were just playing with the radio, air conditioning and horn it was fun. The story changed when the transmission was turned off and the gas did not work in the middle of the highway.
For Greenberg, the most nerve-racking moment was when they cut the brake system, while the SUV was heading for a ditch to roadside, at low speed.
For now, hackers can only control the direction when the vehicle is in reverse, but they are working to see if you can have more access to controls. “It’s kind of failure that can kill someone,” says Miller.
Breach
The invasion was possible because of a loophole in the multimedia system Uconnect Access, which It allows access to the internet. With this “gateway”, the two rewrite the code chip that controls the entertainment system and send commands to other electronic exchanges, that trigger mechanical parts of the vehicle.
In order to put pressure on manufacturers , Valasek and Miller will issue a step by step hackers event next month, leaving out the code used in the entertainment system chip. This means that, if other hackers want to follow the path, will take months to achieve.
The two hackers also provided all the research information to Fiat Chrysler, which has developed a software update to protect the drivers vulnerability, according to Wired.
Across
In a statement sent to G1 , the group Fiat Chrysler (FCA), however, disagreed with the decision to release the data to other hackers.
“Under no circumstances will tolerate or FCA believes it is appropriate to disclose ‘instructions’ that potentially would encourage or help to allow hackers to gain unauthorized access to and illegal vehicle systems. “.
” The company monitors and tests the information systems of all the company’s products to identify and eliminate vulnerabilities in the normal course of business. Just like a smartphone or tablet, the software vehicle may require updates to improve the protection, “the FCA.
Valasek and Miller are not the first to” invade “a car from a distance. According to Wired, in 2011 a group of researchers from two American universities had already controlled locks and brakes of a sedan, but did not release the model
No comments:
Post a Comment