Chrysler vehicles can be hacked
Extreme Tech ET is not always the most reliable of sources. I know that I have called them out on items which were away from their zone of expertize. But this is about computers which they do know ...
Forum Discussion
itguy08 wrote:
It's unclear how the hack happened. If someone has physical access to your vehicle, then game over. No different than any other "hack". Installing a black box on your OBD port enables you to control 100% of the car and that's on every car made with that system. Especially if you can install custom code on it. So nobody is talking about how this hack happened. But it did happen.
Nice supposition, but the second article clearly states found that they could wirelessly penetrate the same critical systems Miller and Valasek targeted using the car’s OnStar-like cellular connection, Bluetooth bugs, a rogue Android app that synched with the car’s network from the driver’s smartphone or even a malicious audio file on a CD in the car’s stereo system." Wirelessly. No black box. No physical access.
Even requiring physical access is a poor defense. My truck sits in a parking lot all day while I'm at work. Physical access is not a difficult thing to achieve.
itguy08 wrote:
Again nobody is talking and one wonders if these hacks all start out with something connected to the OBD port? The Bluetooth thing is scary but I'd want to know a lot more about how it happened. Was it a BT dongle like we use for scanning for codes or was it through the BT Cell connection. The latter is more scary than the former.
The very section you quoted stated that Scarier yet, another group took control of a car's computers through cellular telephone and Bluetooth connections, the compact disc player and even the tire pressure monitoring system. It seems unlikely that all of them started with a OBD port hack.
itguy08 wrote:
So the question is: if OnStar was hacked first, why did the researchers pick Uconnect? It would have made a much bigger splash to single out OnStar since they have by far the largest installed base!
That's a pretty simple explanation. Notoriety. Doing something first. OnStar has already been exploited on at least a couple of occasions. There's no great fame in being the THIRD guy to do something. No one writes an article about that.
This is the FIRST major breach of the Chrysler system. That gets you publicity and exposure.
If they were looking to exploit on a mass scale to wreak havoc, maybe they would have targeted OnStar for it's larger install base. But they're researchers, looking to prove a point. So a new target is a better way to do that. And it's GOOD to expose these exploits, so they can be fixed. Just like OnStar and BMW's exploits that they patched.
itguy08 wrote:
Again, it's poor engineering on FCA's part. Par for the course with them.
And Microsoft's poor engineering with Windows, and GM's, and BMW's. But you're not concerned about security, or you'd at least be AWARE of those situations, too. You're just looking for a tool to brand bash, regardless of accuracy. It appears to be your primary contribution to this forum.
