Remote Exploit On a Production Chrysler To Be Presented At BlackHat

Matt_Bennett writes: A scary remote exploit is going to be published that enables someone connected to the the same wireless (mobile data) network to take over many [automobile] systems, including braking. This is an exploit in Chrysler's Uconnect system. Charlie Miller and Chris Valasek also demonstrated exploits in 2013 that could be done via a direct connection to the system, but this is vastly expanded in scope. The pair convinced Wired writer Andy Greenberg to drive around near St. Louis while they picked apart the car's systems from 10 miles away, killing the radio controls before moving on to things like the transmission.

Re:Fix It Again Tony

I've taken all the sub-systems out of a 2005 Subaru WRX to build another car from the bits. Although there are a lot of electronic modules, very few of them are connected to each other. The cruise control, airbag, ABS, climate control, heating, entertainment, lighting, and engine control systems are all completely independent from one another. I can 100% guarantee that a compromise in any one of the systems cannot be used to control any of the others on this car.

My experience tells me that it's mostly cars from the past five years or so that are vulnerable to this type of exploit. Anything pre-CANbus has pretty much zero chance of having complex interconnections. Even most early CANbus cars only use the bus for mundane stuff like sending speedo and tach signals to multiple systems. It's a pretty recent trend to start adding things like door locks and brakes to the main bus.