Remote Exploit On a Production Chrysler To Be Presented At BlackHat

Matt_Bennett writes: A scary remote exploit is going to be published that enables someone connected to the the same wireless (mobile data) network to take over many [automobile] systems, including braking. This is an exploit in Chrysler's Uconnect system. Charlie Miller and Chris Valasek also demonstrated exploits in 2013 that could be done via a direct connection to the system, but this is vastly expanded in scope. The pair convinced Wired writer Andy Greenberg to drive around near St. Louis while they picked apart the car's systems from 10 miles away, killing the radio controls before moving on to things like the transmission.

This doesn't surprise me One bit...

The Uconnect system is one buggy piece of software. Most of my interactions with the system is working around bugs. It updates without you knowing about it in the middle of the night over the Satellite system. It is very order dependent on things working correctly (even though running an automobile isn't that order dependent. The fact that there are remote issues doesn't surprise me all that much. I had a day where the tire system when bonkers and was reporting all sorts of surprising things. Then it stopped. I have had the car not start in a particular order. I have accidentally had the car started and instead of turning off, grind the starter. And because it is all software driven, there is nothing to do but wait. It is also tied into the Media system and bluetooth where I have a lot of interactions that just do not seem to work all that well. But I have been well trained on how to get it to work, until the fix a bug or add a new one, and my workflows have to change.