Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fiat Chrysler Recalls 1.4 Million Autos To Fix Remote Hack

Posted by Soulskill on from the where-we're-going,-we-don't-need-roads dept.

swinferno writes: Fiat Chrysler announced today that it's recalling 1.4 million automobiles just days after researchers demonstrated a terrifying hack of a Jeep that was driving down the highway at 70 miles per hour. They are offering a software patch for some of their internet-connected vehicles. Cybersecurity experts Chris Valasek and Charlie Miller have publicly exposed a serious vulnerability that would allow hackers to take remote control of Fiat Chrysler Automobile (FCA) cars that run its Uconnect internet-accessing software for connected car features. Despite this, the researchers say automakers are being slow to address security concerns, and are often approaching security in the wrong way.

28 of 157 comments (clear)

  1. Too bad by hcs_$reboot · · Score: 4, Funny

    So good to have a relaxing time while someone drives the car on your behalf.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  2. Approach security the wrong way? No shit! by Anonymous Coward · · Score: 5, Insightful

    This type of bugs should not even be possible. There should be no data connection between the entertainment crap and the actual, important things, like engine control.

    And now we hear that they even pull this crap on airplanes - entertainment sections, connected to internet, are connected to same switches like engine control - "firewall will stop things!". Fucking idiots.

    1. Re:Approach security the wrong way? No shit! by TWX · · Score: 4, Insightful

      I've made this argument on and off for a decade. Connections between the ECM and the BCM should be one-way, with the ECM notifying the BCM of status only, no response, not even a reply, going back. The ECM doesn't need to know anything from the car's entertainment system. Unfortunately I think that some aspects of the operator's interface funnel through the BCM before ending up at the ECM now, so drive-by-wire might be at least partially to blame for this.

      This is only going to get worse with the advent of cars that are capable of driving themselves while still allowing a human to override and take control unless automakers and their suppliers figure out how to sanely allow disparate computer systems to work together without compromising security.

      --
      Do not look into laser with remaining eye.
    2. Re:Approach security the wrong way? No shit! by TWX · · Score: 3, Informative

      Exactly. If the functions of the vehicle's control systems have changed from a relatively simple engine spark and fuel injection management system to something that controls most aspects of the mechanics of the vehicle-in-motion, then the systems need to be balanced so that these critical systems are not run on poorly-secured or unsecured systems like the infotainment and passenger-comfort parts of the controls. If there is a need for something like the feedback from the body control module to tell the ECM how to set the suspension based on driver input, go back to basics, set a serial-link a simple four-bit byte that just changes values based on the setting chosen, and anything else is simply ignored and last-setting is retained. Doesn't have to be complicated.

      --
      Do not look into laser with remaining eye.
    3. Re:Approach security the wrong way? No shit! by SirAudioMan · · Score: 2

      It's so easy to hack CANBUS, and I would assume other similar automotive data buses. Personally I have played around a bit with the CANBUS in my two cars. Using an Ardruino, a CANBUS shield and some custom software, I can read and write on the CANBUS with full control. In my two vehicles (both Ford Fusion's) I have confirmed via wiring diagrams that there are two CAN buses in the vehicle. On for non critical elements like locks, windows, radio, climate control, etc, and the other is a higher speed for more critical things like engine control, airbag modules, steering angle sensors, transmission, etc.

      Now, that design is great but there are two places where the buses meet. One is the instrument cluster, which is the gateway that passes data between the two buses. This is likely so that things like vehicle speed can be relayed to the stereo unit for adaptive volume control WITHOUT having the head unit have access to the critical systems bus. The other place is the Ford Sync module - bingo this could be a problem!

      What is needed is strict control of what data is allowed to pass between the buses, and which way. Essentially where each bus meets together, it should be thought of as a very strict firewall. The problem is, manufactures want to be able to add bells and whistles cheaply and easily, so they leave it wide open. In theory this seems okay, but with security, it's always best to have multiple levels of security. It sounds like Chrysler has only one, 'security' by hiding in plain sight. It's exactly the same as putting a PC direct on the internet without a router/firewall. For a while you will be fine because nobody is looking to break in, but eventually they'll figure it out. In this case, with Chrysler's uConnect, they did.

    4. Re:Approach security the wrong way? No shit! by guruevi · · Score: 2

      Did you read who they hire: Harris Corp and similar companies. Those companies are too big and stupid to handle these things and only care about billing out massive amounts for work that is half or not done by the cheapest H1B's and outsourced at multiple levels. You have to look for startups or actually hire competent individuals for this kind of work, nothing a good software/hardware/network engineer couldn't do by himself or with a small team.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  3. Obvious Solution! by fuzzyfuzzyfungus · · Score: 4, Funny

    If you already have a devastating remote hack, why not make a virtue of necessity and just distribute the patch by mass-p0wning all your units in the field and rewriting the affected software? Nothing could go wrong!

    1. Re:Obvious Solution! by pixelpusher220 · · Score: 4, Funny

      It only works from the Sprint network. Not enough coverage or reliability ;-)

      --
      People in cars cause accidents....accidents in cars cause people :-D
    2. Re:Obvious Solution! by ArhcAngel · · Score: 3, Insightful

      Good thing we don't use DAB in the US or we'd be in REAL trouble!

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
  4. Really? by gandalfu · · Score: 3, Interesting

    From the press release: "No defect has been found. FCA US is conducting this campaign out of an abundance of caution."

    1. Re:Really? by Opportunist · · Score: 2

      I believe them that they were unable due to incompetence to recreate the hack.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Really? by burtosis · · Score: 2

      Read more carefully. They acknowledged the attack was viable and real, they just aren't calling it a defect. They patched it by blocking access over the cellular network as demonstrated, and further are providing a patch and additional security updates, whatever that actually turns out to be.

  5. Where's the hardwired switch? by kheldan · · Score: 5, Interesting

    Where's the hardwired switch that kills power to the transceiver(s) in the car? We've had these on laptops for a long time now, why doesn't your car have one? You can't hack what you can't access, and if the wireless access to the vehicle is literally powered off, you can't hack it.

    Also could you people please just drive your cars and stop making them a lifestyle?

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    1. Re:Where's the hardwired switch? by FranTaylor · · Score: 4, Funny

      The car is technically always on because you can start it using a phone app.

      me, you, the guy down the street, we can all start your car with a phone app, apparently.

    2. Re:Where's the hardwired switch? by fustakrakich · · Score: 3, Funny

      :-) It turns off the light...

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:Where's the hardwired switch? by andyring · · Score: 4, Funny

      Sheesh. EVERY car needs cup holders! Where else are you supposed to put your beer?

    4. Re:Where's the hardwired switch? by Aaden42 · · Score: 3, Insightful

      Killing the receiver would disable the entertainment system. I'd agree that's a far better situation than the possibility of disabling my brakes, but a non-techy with a screaming four-year-old who wants to watch Frozen for the 300th time while driving to see grandma might feel differently. The confirmed attack on their eardrums may well be worse than the theoretical attack on their brakes...

      That said, one thing that would make sense in terms of a physical lockout is firmware updates. The attack required rewriting the firmware on the radio in order to enable sending arbitrary commands over to the CAN bus. Not unlike the write-protect jumper for a BIOS update on a motherboard, it would make sense to have a physical jumper be installed before writes to any EEPROM / flash in a car would be possible.

      Most writable chips I've seen have a physical pin that's required to be connected to power or else it's impossible to write to them, regardless of whatever software flaws might cause valid write commands to be sent to the chip. Ship that disabled by default, and have an access panel or something when field upgrades are necessary. Better than a jumper, maybe a momentary contact button that you have to physically hold down for the upgrade to succeed?

      As far as design goes, it seems like the design included a "simple" network interface chip that was designed to moderate access to the CAN from the more advanced software running on the radio / display. Why was that chip even field upgradable? If your goal is to have a limited, controlled interface between two systems moderated by some kind of microcontroller, FFS make that uC read-only mask ROM!

      I'm also inclined to wonder whether there was zero signature checking on firmware updates or whether the attack exploited a flaw in whatever checking their was. My guess would be no checking at all...

  6. tip of the iceburg by The-Ixian · · Score: 4, Insightful

    It is becoming increasingly obvious to me that we have no idea how to secure information systems.

    It's this kind of stuff that scares the crap out of people and there is no end in sight. As a matter of fact, this is only going to get worse as we migrate to an IoT.

    I sometimes wonder if the technology bubble will someday be crushed under the weight of exploitation. A victim of its own complexity and insecurity.

    --
    My eyes reflect the stars and a smile lights up my face.
    1. Re:tip of the iceburg by burtosis · · Score: 2, Insightful

      It is becoming increasingly obvious to me that we have no idea how to secure information systems.

      It's this kind of stuff that scares the crap out of people and there is no end in sight. As a matter of fact, this is only going to get worse as we migrate to an IoT.

      I sometimes wonder if the technology bubble will someday be crushed under the weight of exploitation. A victim of its own complexity and insecurity.

      Yep no one cares. Rather than just the potential murder of an annoying journalist few people know about or care about its probably going to take some complete ahole(s) with an exploit like this causing the first mass cyber fatality incident before anything really gets done and your average person cares.

    2. Re:tip of the iceburg by ckatko · · Score: 5, Informative

      We have absolutely every idea of how to secure IT systems. Nobody wants to freaking listen.

      I know of a college's root password stored in plain text file on a PUBLICLY accessible url so "new computers can install ghost copies quicker." I know of companies actually using "password" for their password. I know companies that deny access to copy-and-paste on remote desktop, refuse to use e-mail because it's insecure, but are fine with me using a domain administrator account to do my work.

      The reason businesses don't care about security is two reasons. 1) They're not afraid and people and the laws should make them afraid so it becomes cost-effective to care. 2) The IT field is full of bullshitters so even when people do hire IT, they assume the guy they hire understands security. When most companies only need one IT guy, they have no experienced guy on hand to tell them if the guy if full of crap. I'm a software developer and I had to teach one admin how Kerberos authentication works and how to resolve issues with it, and another thought that intranet ip addresses were somehow accessible from the web.

      However, with the IoT, the situation is mark darker. The IoT is a movement. If it cannot get good market penetration fast, it dies out. So people know that IoT is inherently dangerous but they don't have the time and resources to make them secure and solve those problems so they bank on, and hope for, that nobody ever notices so they can sell enough of their products to keep the market going. People buy features, but security only matters if someone finds out.

      The IoT is the NSA's wet dream. Why spy on Americans when you can willingly get them to sign a EULA that lets their Smart TV keep the microphone on 24/7? (This has already happened.) And worse still, if the NSA can do it, so can any government. And people are so stupid they're willingly giving up their privacy just so they can "keep up with the tech Joneses" for a gadget that doesn't even improve their lives in any significant way.

    3. Re:tip of the iceburg by FranTaylor · · Score: 2

      We have absolutely every idea of how to secure IT systems. Nobody wants to freaking listen.

      Sure we do. How many times has amazon been hacked into? Zero. Apparently they know how to do it, and do it well. So you start out with a 100% bogus assertion and it just goes downhill from there.

  7. Re:Get rid of the computer controls... by FranTaylor · · Score: 4, Interesting

    Dare I suggest that we build cars without computers controlling things the driver should have been taught to properly manage anyway, and then actually teach people how to drive?

    sure, if you want lots more death on the highway

    this technology that you hate has saved many hundreds of thousands of lives

    https://en.wikipedia.org/wiki/List_of_motor_vehicle_deaths_in_U.S._by_year

    see how the death rate drops dramatically when these features you hate are implemented

  8. Re:Get rid of the computer controls... by swimboy · · Score: 2

    You forgot "Hey you kids, get off of my lawn!"

    --
    Ask me how the Heisenberg Principle may or may not have saved my life.
  9. Ironic by MrL0G1C · · Score: 3, Funny

    How massively ironic is it that they can't fix these cars remotely when the vulnerability is due to remote hacking.

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  10. Re:REQUIRES PHYSICAL ACCESS TO CAR FIRST! by billyswong · · Score: 2

    Don't let these two guys ANYWHERE near your Jeep and they can't install their shit.

    Sorry, but they don't need to

  11. Cruise control by justthinkit · · Score: 5, Insightful

    I installed cruise control on my otherwise primitive '65 Chevy station wagon. Loved it. I'm hard pressed to think of a drawback of cruise control.

    But then I would say exactly the same thing about ABS.

    The rest...I agree with you. Oh, except for electronic ignition -- my car starting problems disappeared when I started owning cars with electronic ignitions.

    And I'm kinda fond of those lights that come on automatically. Not the ones that are always on, but the ones that can tell when it is a little too dark. Like when you go in a tunnel. I positively love that.

    Oh, and automatic overdrive, "torque lockout" and the 3-way catalytic converters.

    But yeah, old cars, that weigh twice as much as new cars, are the best! Trucks that ride like trucks? Man I miss those. My crap 2002 GMC Sierra, with that high strength steel? Too car-like for me. Who needs comfort? I want the smell of oil and the bounce of a bench seat.

    Oh, and the rear-view mirror that shows the outside temperature and the letters I-C-E when it is near freezing? I hardly ever use that. Mind you, when it does get near freezing I kind of appreciate knowing there might be black ice.

    But the compass direction indicator is a bit much. Except when I'm driving on an unfamiliar road, at night, in the rain.

    So, yeah, you're right. Who needs anything better than a model T? Well, except for the time that hand crank broke my wrist...

    --
    I come here for the love
  12. Re:Get rid of the computer controls... by FranTaylor · · Score: 2

    all of your friends, apparently

  13. Security for self-driving cars by Macdude · · Score: 2

    Let's hope the people designing self-driving cars think about this situation when they start to implement base-to-vehicle and vehicle-to-vehicle communications and isolate the exterior communications from the vehicle control system.

    --
    "Grab them by the pussy" -- President of the United States of America