Chrysler vehicles can be hacked

jtallon wrote:

Nice supposition, but the second article clearly states found that they could wirelessly penetrate the same critical systems Miller and Valasek targeted using the car’s OnStar-like cellular connection, Bluetooth bugs, a rogue Android app that synched with the car’s network from the driver’s smartphone or even a malicious audio file on a CD in the car’s stereo system." Wirelessly. No black box. No physical access.

Sure. But that's no different than any car on the road today. Brake lines can be loosened/cut, tires can be deflated, GPS trackers can be installed. Once anyone has physical access the game is over. It's the #1 defense in any security system. Secure physical access.

Heck, it's a long shot but I'd bet someone could take your true for a few hours each day without you even noticing it if you're like many who do not have views of the parking lot and go into work at, say 8am, lunch @12, and out at 5.

The very section you quoted stated that Scarier yet, another group took control of a car's computers through cellular telephone and Bluetooth connections, the compact disc player and even the tire pressure monitoring system. It seems unlikely that all of them started with a OBD port hack.

You and I don't know that. I would hope that the TPMS has no capabilities to backed into the ECU. And if it does then that's a bigger issue, especially for those that use wireless sensors. Probably what they did was flood the TPMS wireless radio and used that to gain access to the ECU for reprogramming. Similarly to how they jailbreak and root iPhones and Android phones.

I'd also never pop in an unknown CD, USB stick, etc. But that's me.

I'm curious as to the exact details of the exploit so we can gauge the threat. If it's through BT the threat is small as they'd have to be practically on top of me to get it to work.

The scary thing with the Chrysler hack is that as long as they were on the Sprint network they got VIN, IP's, and GPS coordinates for vehicles in a large geographic area. That should not be possible. That sort of stuff should be protected via SSL at the least or some sort of encryption algorithm tied to the VIN. Once I have your IP it's easy to attack it and that seems precisely what they did.

That's a pretty simple explanation. Notoriety. Doing something first. OnStar has already been exploited on at least a couple of occasions. There's no great fame in being the THIRD guy to do something. No one writes an article about that.

Yet this is the one that is getting (and I shudder at the thought) Congress to do something. So either the Onstar stuff was not that great or this is the tipping point. Take your pick.

And Microsoft's poor engineering with Windows, and GM's, and BMW's. But you're not concerned about security, or you'd at least be AWARE of those situations, too. You're just looking for a tool to brand bash, regardless of accuracy. It appears to be your primary contribution to this forum.

Nice try. Don't get me started on the security mess that is Windows and how poorly programmed that ecosystem is. Microsoft is trying but until they do a ground up re-code that ain't going to happen. That's another topic for another board. And, FYI I don't run Windows so I am concerned about security (again nice try). So rather than trying to defend poor practices, I choose to avoid them. I also don't use the excuse "they all do that".

GM and BMW also have poorly engineered systems. There, I said it. Doesn't change the fact that the Chrysler system seems to be the worst.