Charles01 / WikipediaChryslerJeep Cherokee Think this impossible? Last year Wired wrote about a couple of hackers remotely disabling a Chrysler Jeep Cherokee while it was heading down a freeway at 70 miles per hour. The hackers Charlie Miller and Chris Valasek revealed more details in a subsequent presentation at Black Hat USA 2015 a month later. It turns out that their first point of entry into the Jeeps control system was via the Wi-Fi service of the vehicles multimedia system. Sadly cracking its security wasnt that hard: they used a 2014 Jeep Cherokee that was equipped with a Harman-Kardon head unit that controls the central display and entertainment system. Initially they hacked this unit through Wi-Fi (the unit provides a Wi-Fi hotspot for passengers to use) but soon were able to tap into it through its cellular connection which goes over Sprints wireless network. The hackers then connected from the head unit to the cars CAN bus (the command and control system used in many modern vehicles) via a another device a V850 processor which was only configured to only listen to CAN bus traffic. This however didnt stop the hackers because the processor wasnt configured to be secure so they were able to reflash its operating system so that the processor could then both send and receive CAN bus messages thus they: had full access to the cars CAN bus and thus could manipulate almost everythinglocks brakes transmission even take control of steering at low speeds. The subsequent paper by Miller and Valasek Remote Exploitation of an Unaltered Passenger Vehicle goes into to even more detail on how the hack was engineered and they note: The Harman Uconnect system is not limited to the Jeep Cherokee and is quite common in the ChryslerFiat line of automobiles and even looks to make an appearance in the Ferrari California! This means that while the cyber physical aspects of this paper are limited to a 2014 Jeep Cherokee the Uconnect vulnerabilities and information is relevant to any vehicle that includes the system. Therefore the amount of vulnerable vehicles on the road increases dramatically. After the Wired article Fiat Chrysler engineered a patch for the system and Sprint blocked cellular IP access but the Wi-Fi access vulnerability still remained in roughly 1.4 million Fiat Chrysler vehicle. The affected models were: 2013-2015 MY Dodge Viper specialty vehicles 2013-2015 Ram 1500 2500 and 3500 pickups 2013-2015 Ram 3500 4500 5500 Chassis Cabs 2014-2015 Jeep Grand Cherokee and Cherokee SUVs 2014-2015 Dodge Durango SUVs 2015 MY Chrysler 200 Chrysler 300 and Dodge Charger sedans 2015 Dodge Challenger Sports coupes Despite Fiat Chrysler issuing a recall last year there are still millions of cars on the road that havent been patched and while no immediate threats have identified or exploits seen in the wild the vulnerability should still be a serious concern to car owners. Read More:http://www.networkworld.com/article/3091126/security/automotive-cybersecurity-what-we-dont-hack-will-probably-be-used-to-kill-us.html Feel free to contact us via our cash for carswebsite if you are interested in getting a quote The post Automotive cybersecurity appeared first on http://galway.cashforcarsireland.com/ via Cash For Cars - Locations http://galway.cashforcarsireland.com/automotive-cybersecurity/