Jeep Gets Hacked at 70MPH



  • Wired reports on a Chrysler Jeep Cherokee that gets wirelessly hacked while driving on the Interstate at 70MPH.



  • Why does a car need to be connected to the internet... for any reason? Our mobile devices can often do that better than our vehicle can... and they can go with us -- inside buildings!



  • That.Is.Scary.



  • Bloody stupid thing to do on an open road in public. I hope they don't do that again.



  • @MattSpeller They might not... but just wait until somebody extremely nefarious gets their hands on it.

    You know it will only be a matter of time before the real black hats figure out how to do this as well.

    Here's what I don't get though... If the cars have an IP address, why can't $manufacturer push down updates that way?


  • Banned

    @dafyre said:

    Here's what I don't get though... If the cars have an IP address, why can't $manufacturer push down updates that way?

    Because if they cared about doing things correctly, this would not have been possible to begin with.



  • @dafyre said:

    Here's what I don't get though... If the cars have an IP address, why can't $manufacturer push down updates that way?

    Because they didn't realize this could be done, therefore haven't written the code/processes needed to do it.

    That said - one has to ask if the whitehat guys would be willing to sell or give their code to the manufactures, have it reviewed by yet a different security company and then use it to deploy the update. Although, perhaps the update should never officially be done remotely since you can't know if the car is driving when applying the update unless the firmware has already been hacked. I say this assuming the manufacture has no access to the tracking data remotely like the hackers now do, but only after the hackers have updated the firmware.



  • Calling bullshit.

    "Then the windshield wipers turned on, and wiper fluid blurred the glass"

    That's on the stalk, using a switch.

    Youtube Video



  • @PSX_Defector Good point, unless it's a soft-switch that is routed through a computer somewhere, which is unlikely but still possible. I don't know, so can't say for sure.



  • @PSX_Defector said:

    Calling bullshit.

    "Then the windshield wipers turned on, and wiper fluid blurred the glass"

    That's on the stalk, using a switch.

    If the switch is just a soft switch, you could still trigger it with software, think about the power button on your PC.



  • @Dashrender said:

    @PSX_Defector said:

    Calling bullshit.

    "Then the windshield wipers turned on, and wiper fluid blurred the glass"

    That's on the stalk, using a switch.

    If the switch is just a soft switch, you could still trigger it with software, think about the power button on your PC.

    It's usually a relay that controls that, especially the actual wiper controls. That's a circuit open/close. Mind you, I don't have a Jeep Cherokee to rip apart, but wipers that can be controlled outside of the driver's ability, really anything in the driver's purview, would be really, really badly designed. And it might run afowl of NTSB specs, because anything that can be done through this can be done by non-drivers. Imagine your dickhead friend next to you poking on the center console and changing the speed of cruise control and turning on the wipers.

    I'm just calling bullshit on that part. The rest, like AC and radio, I can see happening, but I would need to see more proof from someone else just because of the wiper comment.



  • Why would the wipers be any different than the brakes? or the transmission?

    I know from my own experience that 10+ years ago a mechanic can control a transmission through maintenance plug on the car while the car is in motion.

    To trouble shoot a problem the tech and I took a drive and he was shifting the car from his hand held computer while I was driving. Granted back then it was all physical, but wireless access could be easily gained.

    If the switch the user manipulates goes to the central computer in the car, and that computer then tells the relay to do it's job, there's no reason you can't skip the button altogether and talk directly to the computer to control the relay. And considering the desire to have fewer parts in the car, combining all of these features into a single central computer seems highly likely.



  • @Dashrender said:

    Why would the wipers be any different than the brakes? or the transmission?

    Transmission is computer controlled. Normally wipers are purely electro-mechanical. Like the steering.



  • @scottalanmiller @Dashrender

    Transmission is computer controlled. Normally wipers are purely electro-mechanical. Like the steering.

    All of the things are computer controlled!
    Ease of diagnosis (plug in thing, thing beeps, points to error)
    Also why onstar can unlock your doors!
    When microcontrollers are so cheap and powerful why not connect them into everything*

    obviously because security, though for !&#^% ()#&%@)( bEEpITY blank BBEEEEP (&^!%!(# reasons, no one thought that it might be a good idea to ACTUALLY SECURE THINGS! [email protected]_(&#% BeeeP BLOOP IUO(@!#_%)(!**&(#&%

    Makes me embarrassed for the engineers who made it. I assure you someone pointed out that this could happen and were subsequently ignored when price to change it came up.



  • @MattSpeller said:

    @scottalanmiller @Dashrender

    Transmission is computer controlled. Normally wipers are purely electro-mechanical. Like the steering.

    All of the things are computer controlled!

    All things have a computer, doesn't mean all things are controlled by some Skynet-esque all knowing machine.

    Transmission and engine data go through OBDII, it's the jack you see under the console that you can plug into. Onstar and the like use some of this to get the data they are looking for.

    So if someone jacked into the OBDII interface and cross linked it to the infotainment system which then has the ability to be busted into that's just bad design. And easily fixed. This also cannot change the fact that transmission and steering are NOT linked into ODBII like that. Steering reports a position from center, but again it's physically impossible to screw with it like that through the interface because it's physically impossible. You can't even lock the wheel because that is when the system is at specific states in the starter. And transmission? Unless they are using some kind of shift-by-wire there is always a cable between the lever and the transmission and the ever present safety buttons. They can maybe pop it into neutral but you have to physically push the button to move it to anything other than that. That's an NTSB rule, which most countries follow anyways. And a stick wouldn't have the ability to do that ever.

    We have to keep in mind this is a $25K truck. And this is Fiat Chrysler, not known for their electrical prowess.

    I'm reminded of the whole Y2K panic with the news reporting some fat white chick poking at a TV and toaster saying "It's got a computer, we don't know if it's Y2K compliant!". Yeah, there is potential for hacking into this info if someone was stupid enough to do that, but like the airplane WiFi "hack", I'm holding out on better proof because fantastical claims require fantastical proof. And wiper control tells me that someone is making shit up.



  • @PSX_Defector said:

    I'm holding out on better proof because fantastical claims require fantastical proof.

    There we agree!

    I'm much less confident than you are that all of this is separate systems.

    As I come to think of it, I'm less keen on my car having drive by wire steering now.



  • what about the cars that have wipers with the fluid detector sensor on the windshield to automatically activate the wipers? On newer vw's, and nissans this is pretty well standard. They have a sensor that mounts to the windshield on the inside and somehow detects fluid being on the windshield, when it detects fluid, it signals the wipers to activate, therefore giving the hackers a way to control them.



  • @david.wiese

    To distil it down to the basics, it all depends on if and how these systems are connected to the main computer.

    I know that they will be, in some fashion, because that is how you report diagnostic codes.

    Question is, do they also have a programming interface between them where you could manipulate it? (ostensibly to upgrade it's soft(firm?)ware)



  • @PSX_Defector said:

    @MattSpeller said:

    @scottalanmiller @Dashrender
    So if someone jacked into the OBDII interface and cross linked it to the infotainment system which then has the ability to be busted into that's just bad design. And easily fixed. This also cannot change the fact that transmission and steering are NOT linked into ODBII like that. Steering reports a position from center, but again it's physically impossible to screw with it like that through the interface because it's physically impossible. You can't even lock the wheel because that is when the system is at specific states in the starter. And transmission? Unless they are using some kind of shift-by-wire there is always a cable between the lever and the transmission and the ever present safety buttons. They can maybe pop it into neutral but you have to physically push the button to move it to anything other than that. That's an NTSB rule, which most countries follow anyways. And a stick wouldn't have the ability to do that ever.

    They could only manipulate the steering while it met the conditions for the park assist function, going slowly in reverse. Which is where a lot of vehicles have the ability to control the steering/brakes/throttle to help with parallel parking.



  • @coliver said:

    They could only manipulate the steering while it met the conditions for the park assist function, going slowly in reverse. Which is where a lot of vehicles have the ability to control the steering/brakes/throttle to help with parallel parking.

    What decides when the system can control the steering / brakes / throttle? That would be in software, no?

    If they can hack or modify the firmware, I can see the potential for them to make the vehicle do anything they want to any system that is connected to the device running the firmware. IE) A vehicle with park assist could potentially be hacked so that park assist will activate while the vehicle is going forwards at 60 miles and hour...



  • @david.wiese said:

    what about the cars that have wipers with the fluid detector sensor on the windshield to automatically activate the wipers? On newer vw's, and nissans this is pretty well standard. They have a sensor that mounts to the windshield on the inside and somehow detects fluid being on the windshield, when it detects fluid, it signals the wipers to activate, therefore giving the hackers a way to control them.

    Rain sensing wipers, like you see on most cars, are still activated by the switch on the stalk. You have to turn on the wipers to allow it to start wiping automatically.

    The sensor itself is just a simple light resistance switch. The longer light is bent against the sensor, the more it assumes that it's raining harder so it adjusts speed.



  • @MattSpeller said:

    @PSX_Defector said:

    I'm holding out on better proof because fantastical claims require fantastical proof.

    I'm much less confident than you are that all of this is separate systems.

    Again, this is Fiat Chrysler. Fix it again Tony and Chrysler being so bad they don't even need to have a funny acronym. The Cherokee is based on an Alfa Romeo design. Faith is the only thing holding it together anyways. 🙂



  • Now if a 2 ton vehicle capable of 100mph being hacked STILL isn't scary enough for you....

    http://hackaday.com/2015/07/22/no-mounting-a-gun-to-a-quadcopter-probably-isnt-illegal/



  • Another line that makes me not believe their shit as much.

    "Then he locates a Dodge Durango, moving along a rural road somewhere in the Upper Peninsula of Michigan."

    They are claiming that they were able to remotely discover systems all around the country. The UConnect system uses Sprint's network to connect. And that these cell connections are all using public facing IPs.

    The U.P. is a practical dead zone of most providers, especially Sprint. Verizon owns most of the area, which still has large swaths of dead zones, bad connections, and various other stuff. Sprint only shows roaming for the U.P., both voice and data. The maps don't do it justice though, you can drive from Marquette to Ishpeming and lose connection for a brief amount of time. And even if you do get connection, it's usually on the 3G network.

    So they were able to scan a foreign network for cars and were able to figure out that these devices were on the VZ and/or US Celluar network? I don't think so.



  • It has nothing to do with what network it's on!

    If the car is able to get on a VZ data network and get on the internet - you can scan for it, Period! they don't have firewalls. It's no different than scanning the entire internet for hosts with SSH ports open.





  • At least they think this is worthy of a recall. I wonder if what they are doing will actually fix the bugs or not.



  • @dafyre said:

    At least they think this is worthy of a recall. I wonder if what they are doing will actually fix the bugs or not.

    Considering the press this got, I'd be surprised if there's no one interested in testing all the different models they can get their hands on.



  • @MattSpeller said:

    @dafyre said:

    At least they think this is worthy of a recall. I wonder if what they are doing will actually fix the bugs or not.

    Considering the press this got, I'd be surprised if there's no one interested in testing all the different models they can get their hands on.

    I'll be keeping my nice old truck that can't be hacked.



  • @MattSpeller said:

    Now if a 2 ton vehicle capable of 100mph being hacked STILL isn't scary enough for you....

    http://hackaday.com/2015/07/22/no-mounting-a-gun-to-a-quadcopter-probably-isnt-illegal/

    If it isn't illegal why are the FBI looking for the creators of the video... They said they were looking for them yesterday.


Log in to reply