Slashdot Mirror


Fiat Chrysler Recalls 1.4 Million Autos To Fix Remote Hack

swinferno writes: Fiat Chrysler announced today that it's recalling 1.4 million automobiles just days after researchers demonstrated a terrifying hack of a Jeep that was driving down the highway at 70 miles per hour. They are offering a software patch for some of their internet-connected vehicles. Cybersecurity experts Chris Valasek and Charlie Miller have publicly exposed a serious vulnerability that would allow hackers to take remote control of Fiat Chrysler Automobile (FCA) cars that run its Uconnect internet-accessing software for connected car features. Despite this, the researchers say automakers are being slow to address security concerns, and are often approaching security in the wrong way.

7 of 157 comments

  1. Approach security the wrong way? No shit! by Anonymous Coward · Score: 5, Insightful

    This type of bug should not even be possible. There should be no data connection between the entertainment crap and the actual, important things, like engine control.

    And now we hear that they even pull this crap on airplanes - entertainment sections, connected to the internet, are connected to the same switches as engine control - "firewall will stop things!". Fucking idiots.

    1. Re:Approach security the wrong way? No shit! by TWX · Score: 4, Insightful

      I've made this argument on and off for a decade. Connections between the ECM and the BCM should be one-way, with the ECM notifying the BCM of status only, no response, not even a reply, going back. The ECM doesn't need to know anything from the car's entertainment system. Unfortunately I think that some aspects of the operator's interface funnel through the BCM before ending up at the ECM now, so drive-by-wire might be at least partially to blame for this.

      This is only going to get worse with the advent of cars that are capable of driving themselves while still allowing a human to override and take control unless automakers and their suppliers figure out how to sanely allow disparate computer systems to work together without compromising security.

      --
      Do not look into laser with remaining eye.
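
An added example (editor's illustration, not code from this thread or from any automaker) of the one-way status gateway TWX describes above: a mediating controller forwards only an allow-list of status identifiers from the vehicle bus to the head unit and drops anything that tries to cross in the other direction. The identifiers 0x1A0 and 0x1B4 and their meanings, the simplified frame layout, and the sample traffic are all constructed for the demo.

```go
package main

import "fmt"

// Side identifies which bus a frame arrived on, relative to the gateway.
type Side int

const (
	VehicleBus Side = iota // engine, brake and body controllers
	HeadUnit               // infotainment / telematics: the internet-facing side
)

func (s Side) String() string {
	if s == VehicleBus {
		return "vehicle"
	}
	return "headunit"
}

// Frame is a simplified classic CAN frame: 11-bit identifier, up to 8 data bytes.
type Frame struct {
	ID   uint16
	Data []byte
}

// Gateway enforces the one-way policy: only allow-listed status identifiers
// cross from the vehicle bus to the head unit, and nothing crosses back.
type Gateway struct {
	statusIDs map[uint16]bool
	drops     map[string]int // per-reason counters; feed these to diagnostics / an IDS
}

func NewGateway(statusIDs []uint16) *Gateway {
	g := &Gateway{statusIDs: map[uint16]bool{}, drops: map[string]int{}}
	for _, id := range statusIDs {
		g.statusIDs[id] = true
	}
	return g
}

// Route returns a copy of the frame to forward to the other side and true,
// or nil and false with the drop reason recorded. The direction check comes
// first: the head unit is never allowed to transmit toward the vehicle bus.
func (g *Gateway) Route(from Side, f Frame) (*Frame, bool) {
	switch {
	case from == HeadUnit:
		g.drops["reverse-direction"]++
		return nil, false
	case f.ID > 0x7FF || len(f.Data) > 8:
		g.drops["malformed"]++
		return nil, false
	case !g.statusIDs[f.ID]:
		g.drops["not-allowlisted"]++
		return nil, false
	}
	// Copy the payload so the far side never aliases a buffer the near side still owns.
	return &Frame{ID: f.ID, Data: append([]byte(nil), f.Data...)}, true
}

// Dropped reports how many frames were discarded for a given reason.
func (g *Gateway) Dropped(reason string) int { return g.drops[reason] }

func main() {
	// Hypothetical identifiers: 0x1A0 = vehicle speed, 0x1B4 = engine RPM.
	g := NewGateway([]uint16{0x1A0, 0x1B4})
	traffic := []struct {
		from Side
		f    Frame
	}{
		{VehicleBus, Frame{0x1A0, []byte{0x00, 0x46}}}, // speed status: forwarded
		{VehicleBus, Frame{0x1B4, []byte{0x0B, 0xB8}}}, // rpm status: forwarded
		{VehicleBus, Frame{0x2C1, []byte{0x01}}},       // unlisted ID: dropped
		{HeadUnit, Frame{0x1A0, []byte{0x00, 0x00}}},   // spoofed status from the wrong side: dropped
		{HeadUnit, Frame{0x2C1, []byte{0xFF}}},         // would-be command toward the vehicle bus: dropped
	}
	for _, t := range traffic {
		_, ok := g.Route(t.from, t.f)
		fmt.Printf("%-9v id=0x%03X forwarded=%v\n", t.from, t.f.ID, ok)
	}
	fmt.Println("drops:", g.drops)
}
```

Counting drops by reason is deliberate: under this policy a legitimate head unit never transmits toward the vehicle bus, so a burst of "reverse-direction" drops is exactly the signal a diagnostics log or intrusion detector should carry. The policy is also only as strong as the controller enforcing it; if that controller's own firmware can be rewritten from the head-unit side, the allow-list goes with it.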
  2. Re:Obvious Solution! by ArhcAngel · Score: 3, Insightful

    Good thing we don't use DAB in the US or we'd be in REAL trouble!

    --
    "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
  3. tip of the iceberg by The-Ixian · Score: 4, Insightful

    It is becoming increasingly obvious to me that we have no idea how to secure information systems.

    It's this kind of stuff that scares the crap out of people and there is no end in sight. As a matter of fact, this is only going to get worse as we migrate to an IoT.

    I sometimes wonder if the technology bubble will someday be crushed under the weight of exploitation. A victim of its own complexity and insecurity.

    --
    My eyes reflect the stars and a smile lights up my face.
    1. Re:tip of the iceberg by burtosis · Score: 2, Insightful

      It is becoming increasingly obvious to me that we have no idea how to secure information systems.

      It's this kind of stuff that scares the crap out of people and there is no end in sight. As a matter of fact, this is only going to get worse as we migrate to an IoT.

      I sometimes wonder if the technology bubble will someday be crushed under the weight of exploitation. A victim of its own complexity and insecurity.

      Yep, no one cares. Rather than just the potential murder of an annoying journalist few people know about or care about, it's probably going to take some complete ahole(s) with an exploit like this causing the first mass cyber fatality incident before anything really gets done and your average person cares.

  4. Cruise control by justthinkit · Score: 5, Insightful

    I installed cruise control on my otherwise primitive '65 Chevy station wagon. Loved it. I'm hard pressed to think of a drawback of cruise control.

    But then I would say exactly the same thing about ABS.

    The rest...I agree with you. Oh, except for electronic ignition -- my car starting problems disappeared when I started owning cars with electronic ignitions.

    And I'm kinda fond of those lights that come on automatically. Not the ones that are always on, but the ones that can tell when it is a little too dark. Like when you go in a tunnel. I positively love that.

    Oh, and automatic overdrive, "torque lockout" and the 3-way catalytic converters.

    But yeah, old cars, that weigh twice as much as new cars, are the best! Trucks that ride like trucks? Man I miss those. My crap 2002 GMC Sierra, with that high strength steel? Too car-like for me. Who needs comfort? I want the smell of oil and the bounce of a bench seat.

    Oh, and the rear-view mirror that shows the outside temperature and the letters I-C-E when it is near freezing? I hardly ever use that. Mind you, when it does get near freezing I kind of appreciate knowing there might be black ice.

    But the compass direction indicator is a bit much. Except when I'm driving on an unfamiliar road, at night, in the rain.

    So, yeah, you're right. Who needs anything better than a model T? Well, except for the time that hand crank broke my wrist...

    --
    I come here for the love
  5. Re:Where's the hardwired switch? by Aaden42 · Score: 3, Insightful

    Killing the receiver would disable the entertainment system. I'd agree that's a far better situation than the possibility of disabling my brakes, but a non-techy with a screaming four-year-old who wants to watch Frozen for the 300th time while driving to see grandma might feel differently. The confirmed attack on their eardrums may well be worse than the theoretical attack on their brakes...

    That said, one thing that would make sense in terms of a physical lockout is firmware updates. The attack required rewriting the firmware on the radio in order to enable sending arbitrary commands over to the CAN bus. Not unlike the write-protect jumper for a BIOS update on a motherboard, it would make sense to have a physical jumper be installed before writes to any EEPROM / flash in a car would be possible.

    Most writable chips I've seen have a physical pin that's required to be connected to power or else it's impossible to write to them, regardless of whatever software flaws might cause valid write commands to be sent to the chip. Ship that disabled by default, and have an access panel or something when field upgrades are necessary. Better than a jumper, maybe a momentary contact button that you have to physically hold down for the upgrade to succeed?

    As far as design goes, it seems like the design included a "simple" network interface chip that was designed to moderate access to the CAN from the more advanced software running on the radio / display. Why was that chip even field upgradable? If your goal is to have a limited, controlled interface between two systems moderated by some kind of microcontroller, FFS make that uC read-only mask ROM!

    I'm also inclined to wonder whether there was zero signature checking on firmware updates or whether the attack exploited a flaw in whatever checking there was. My guess would be no checking at all...
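
An added example (editor's illustration, not FCA's or Uconnect's update code) of the update-path controls the comment above asks for: a physical write-enable gate checked before anything is parsed, a signature over the whole image, and a version check so that an old but validly signed image cannot be replayed. The image layout, the `GWFW` magic, the write-enable callback and the sample payloads are all assumed for the demo; a real gateway microcontroller would hold the public key in mask ROM and the installed version in write-once or tamper-resistant storage.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical image layout assumed for this example (not any vendor's format):
//   magic(4) | version(4, big-endian) | payload length(4, big-endian) | payload | Ed25519 signature(64)
// The signature covers everything before it, so version and length are authenticated too.
const headerLen = 12

var magic = []byte("GWFW")

// WriteEnable models the physical jumper or momentary button the comment
// proposes. On real hardware this is a GPIO read; here it is a callback.
type WriteEnable func() bool

// Updater is the device side. The public key and installed version would live
// in ROM / tamper-resistant storage on a real gateway microcontroller.
type Updater struct {
	pubKey         ed25519.PublicKey
	currentVersion uint32
	writeEnabled   WriteEnable
	flash          []byte // code area that a successful update replaces
}

var (
	ErrWriteProtected = errors.New("flash write-enable not asserted")
	ErrBadImage       = errors.New("image malformed")
	ErrBadSignature   = errors.New("signature does not verify under the device public key")
	ErrRollback       = errors.New("image version is not newer than the installed one")
)

// Apply validates and installs an update image. The physical gate runs before
// any untrusted byte is parsed, and no header field is trusted until the
// signature over it has verified.
func (u *Updater) Apply(image []byte) error {
	if !u.writeEnabled() {
		return ErrWriteProtected
	}
	if len(image) < headerLen+ed25519.SignatureSize || !bytes.Equal(image[:4], magic) {
		return ErrBadImage
	}
	payloadLen := int(binary.BigEndian.Uint32(image[8:12]))
	if payloadLen != len(image)-headerLen-ed25519.SignatureSize {
		return ErrBadImage
	}
	signed := image[:headerLen+payloadLen]
	sig := image[headerLen+payloadLen:]
	if !ed25519.Verify(u.pubKey, signed, sig) {
		return ErrBadSignature
	}
	// Only now is the version field trustworthy; reject downgrades and replays.
	version := binary.BigEndian.Uint32(image[4:8])
	if version <= u.currentVersion {
		return ErrRollback
	}
	u.flash = append([]byte(nil), image[headerLen:headerLen+payloadLen]...)
	u.currentVersion = version
	return nil
}

// BuildImage is the vendor side: it runs on the signing server, never on the device.
func BuildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	hdr := make([]byte, headerLen)
	copy(hdr, magic)
	binary.BigEndian.PutUint32(hdr[4:], version)
	binary.BigEndian.PutUint32(hdr[8:], uint32(len(payload)))
	signed := append(hdr, payload...)
	return append(signed, ed25519.Sign(priv, signed)...)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	u := &Updater{pubKey: pub, currentVersion: 3, writeEnabled: func() bool { return true }}

	good := BuildImage(priv, 4, []byte("constructed payload v4"))
	fmt.Println("valid v4:   ", u.Apply(good)) // <nil>: installed

	tampered := append([]byte(nil), good...)
	tampered[headerLen] ^= 0x01 // flip one payload bit
	fmt.Println("tampered:   ", u.Apply(tampered)) // ErrBadSignature

	old := BuildImage(priv, 2, []byte("constructed payload v2"))
	fmt.Println("replayed v2:", u.Apply(old)) // ErrRollback

	u.writeEnabled = func() bool { return false }
	fmt.Println("jumper off: ", u.Apply(BuildImage(priv, 5, []byte("v5")))) // ErrWriteProtected
}
```

The ordering is the point: a tampered image fails on the signature before its version is even read, and with the write-enable de-asserted nothing is parsed at all. The signing key exists only on the build side, so the device holds nothing that could be extracted to produce a valid image, which is what makes the public key safe to bake into ROM.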