Column: Carjacking just got real with Wi-Fi hacking

WASHINGTON – Question: How worried should I be about my new car that has Wi-Fi getting hacked?

Answer: The security industry has been warning car manufacturers about the growing dangers of adding customer convenience technology without a strong focus on security.

The race to have all the coolest features could put customers at risk, and now two prominent security researchers have unequivocally proven it.

Their previous “proof of concept” hacks in 2013 required physical access to the vehicle, which caused the auto industry to shrug the problem off as an unlikely event.

This caused the security experts to focus on newer cars with internet connectivity, which they found to be much more exposed.

 

Car Hacking Just Got Real

A recent Wired article (Hackers Remotely Kill a Jeep on the Highway—With Me in It ) showed just how vulnerable cars equipped with the Uconnect technology are to being remotely hacked.

Unlike previous demonstrations that required hackers to be in the back seat, this new experiment showed how a computer in the basement of a house 10 miles away could wreak havoc on a Jeep Cherokee driving on a St. Louis freeway.

These hackers were able to remotely control everything from the climate control system to the windshield wipers and entertainment system.

Then came the really disconcerting part of the hack: they were able to cut the transmission so that the car no longer could accelerate. Even worse, they cut the Jeep’s brakes and made minor steering hacks, which caused the test car to slide into a ditch.

Another thing the researchers showed was that they could track the vehicle using GPS coordinates, so privacy issues are also in play.

They’ve been working with Chrysler for the past nine months to fix the vulnerability, which has resulted in a patch.

 

What You Should Do To Protect Your Vehicle

Anyone owning a Jeep/Chrysler/Dodge/Fiat vehicle with the Uconnect system should immediately check to see if their vehicle needs the security update by entering their 17 digit VIN here.

If an update is available, users can manually protect themselves by downloading the fix to a USB drive or taking it to the dealer for a free update.  Customers with questions can call 877-855-8400.

It’s extremely important that at-risk drivers protect their vehicles immediately, as the researchers plan to unveil the technical details of how they did it at the upcoming Black Hat hacker conference in early August.

Their reason for sharing the research is for peer review and, more importantly, to make sure that the entire automotive industry takes them serious this time.

 

Most and Least Hackable Cars

The researchers have also compiled a 94-page report showing many other at-risk vehicles. The most hackable models are the 2014 Jeep Cherokee, 2015 Cadillac Escalade and 2014 Infiniti Q50.

The least hackable cars were the 2014 Dodge Viper, 2014 Audi A8 and the 2014 Honda Accord, so the issue is not specific to any one car manufacturer.

All drivers with technology that wirelessly connects their cars to the Internet should start routinely monitoring security updates from car manufacturer’s websites.

Ken Colburn is founder and CEO of Data Doctors Computer Services.  Ask any tech question at: https://facebook.com/DataDoctors or on Twitter @TheDataDoc.

Federal News Network Logo
Log in to your WTOP account for notifications and alerts customized for you.

Sign up