Andy Greenberg and associates demonstrated that they can remotely hijack a Jeep Cherokee, making it do things that could kill everyone in it. Fiat Chrysler is recalling 1.4 million vehicles as a result of this revelation. Greenberg doesn’t fully explain how they did it, for obvious reasons, but he tells us this:
All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element, which Miller and Valasek won’t identify until their Black Hat talk, Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country.
Every computer on the Internet has an IP address, so the real issue is the “one vulnerable element.” We can only guess about it, but this seems like serious negligence on Chrysler’s part. When a computer system can put people’s lives at risk, you have to pay serious attention to security. According to a Computerworld article, it’s the entertainment system which is open to remote access, but it “is commonly connected to various electronic control units (ECUs) located throughout a modern vehicle. There can be as many as 200 ECUs in a vehicle.”
A basic principle of secure design is that you grant only as much access as is necessary. It’s hard to imagine why an entertainment system would need access to life-critical components. If it is necessary, perhaps so that a warning of a major malfunction can go to the speakers, the critical component needs a firewall that limits the access it allows. Did Chrysler allow the entertainment system free run of its ECUs, or was the firewall defective? We don’t know yet, and maybe it will never be made public.
Read the rest of this entry »