Car hacking: manufacturers must improve security following Jeep hack
Source : Car hacking: manufacturers must improve security following Jeep hack
Car manufacturers should reconsider how quickly they bring fresh technology to market, according to the Institute of Electric in addition to Electronics Engineers
Car manufacturers need to step back in addition to reconsider the digital security of their products following the most recent case of vehicle hacking within the US.
of which’s according to Professor Kevin Curran, a senior member of the Institute of Electric in addition to Electronics Engineers.
Speaking to Autocar, Professor Curran said car manufacturers appeared to be more concerned with beating the competition to market with fresh technology, rather than fully testing its security. “I have a feeling they are rushing out features, in addition to every industry can be guilty of of which,” he said. “I’d say there’s a rush to market in addition to security can be almost an afterthought.”
Citing a lack of regulation within the automotive arena over the introduction of connected technology, Professor Curran said car makers should be following the example of the airline industry, where there are far more stringent security checks. “On planes, we have to rely on the airline manufacturers knowing better in addition to erring on the side of safety,” he said. “Why can the same not be true of car manufacturers?
“I would certainly urge manufacturers to think, in addition to I would certainly wish there would certainly be a think tank or Centeng which can oversee the security of these devices. We’ve never been within the position before where someone can cause so much destruction to a car via such a great distance.”
Hackers take control of Jeep Cherokee
Professor Curran’s comments on digital security come just weeks after two hackers within the US were able to successfully gain access to in addition to control a Jeep Cherokee driving along a public road via a distance of 10 miles away.
The experiment, conducted for Wired magazine, showed how a car could be wirelessly hacked in addition to controlled without the hacker being in close proximity. within the experiment, hackers Charlie Miller in addition to Chris Valasek used what’s been described as a flaw in Fiat Chrysler Automobiles’ UConnect infotainment system to hack the vehicle.
Once the duo had access, they were able to activate the vehicle’s windscreen wipers, alter its climate control settings, play different music through the infotainment system in addition to – most worryingly – deactivate the accelerator while the vehicle was travelling at motorway speeds. At lower speeds, the pair could also apply the brakes – or deactivate them – in addition to kill the engine completely.
Miller in addition to Valasek were also able to monitor vulnerable vehicles via a laptop – showing the location in addition to speed of vehicles connected to the UConnect system. The system can be vulnerable as, like many others, of which uses a mobile data network connection to access connected services. Miller in addition to Valasek’s hack lets them infiltrate the vehicle’s infotainment system in addition to then issue commands which are spread to some other areas of the vehicle via the CAN bus network.
Speaking to Wired, Valasek said: “via an attacker’s perspective, of which’s a super-nice vulnerability.
“If consumers don’t realise This kind of can be an issue, they should, in addition to they should start complaining to car makers. This kind of might be the kind of software bug most likely to kill someone.”
Both hackers have been sharing their data with FCA for the past nine months, notifying the firm of potential flaws in its system. Late last month FCA issued an official recall for the 1.4 million vehicles of which were vulnerable. A spokesman has confirmed to Autocar of which the recall does not affect any cars within the UK.
The company said: “The hack published in Wired magazine was conducted through embedded cellular connectivity (Connected Vehicle), a feature of which can be not available in vehicles sold outside of the US, since international markets are currently not offering the same connectivity feature as the US-market vehicles.
“Under no circumstances does FCA condone or believe of which’s appropriate to disclose ‘how to’ information of which would certainly potentially encourage, or help enable hackers to gain unauthorised in addition to unlawful access to vehicle systems.”
Previous car hacking successes
This kind of isn’t initially the Miller in addition to Valasek have successfully hacked a vehicle. In 2013 they were able to take control of a Toyota Prius – although at the time the hack could only be achieved via a physical connection to the vehicle. of which’s taken another two years of research to conduct the hack wirelessly.
Miller in addition to Valasek have previously published a paper within the US, identifying the systems in addition to vehicles most susceptible to hacking. Of the many connected systems in modern cars, the duo said the keyless entry in addition to tyre pressure monitoring systems (TPMS) today common to most vehicles would certainly be significantly vulnerable to attack.
The survey also ranked 24 vehicles on the ease of which they could be hacked. Among the cars of which were deemed ‘most hackable’ were the Audi A8, Jeep Cherokee, Ford Fusion, Range Rover Evoque, BMW X3 in addition to Toyota Prius.
Although Miller in addition to Valasek’s hack has become one of the most high-profile cases of car hacking, some other cases have previously highlighted the vulnerability of connected systems. In 2014 a group of Chinese students were able to hack a Tesla product S as part of a competition at the Syscan conference in Beijing.
A prize of $10,000 was on offer to anyone who could gain access to the product S while of which was locked, with the students managing to open the vehicle’s doors in addition to bonnet. While not officially endorsing the project, Tesla issued a statement saying: “We support the idea of providing an environment in which responsible security researchers can help identify potential vulnerabilities.”
Swiss hacker Boris Danev has also been able to successfully hack vehicles, by utilising a flaw within the keyless entry systems used by many premium manufacturers. His hack, which works by amplifying the signal sent by a car’s key fob to be detected by a vehicle, allowed him to gain entry to in addition to drive off in multiple cars via different manufacturers.
Danev’s method can be a more high-tech variation of the hack used by criminals to reprogram car keys here within the UK – something of which has already prompted concern via many car makers.
Danev has developed a silicon chip of which ends This kind of vulnerability in addition to can be in discussions to incorporate the technology in several manufacturers’ key fobs, yet of which’s not required to be on sale until at least 2018.
fresh legislation to rate cars for digital security
Authorities within the US are within the process of drafting an automotive security bill of which could involve introducing a digital security rating system for cars. As part of research into the bill, US senators asked 20 car makers to outline their digital security procedures.
Out of the 16 of which responded, just seven said they worked with independent companies to identify in addition to fix flaws in their systems, in addition to only two have monitoring systems of which actively search for potential attacks.
within the UK, where many early-stage studies are under way to create autonomous vehicles, a fresh code of practice issued by the Department for Transport has set out the rules for bringing driverless cars to fruition in This kind of country.
As part of the code of practice, a section on ‘cyber security’ states: “Manufacturers providing vehicles, in addition to some other organisations supplying parts for testing will need to ensure of which all prototype automated controllers in addition to some other vehicle systems have appropriate levels of security built into them to manage any risk of unauthorised access.”
Get the latest car news, reviews in addition to galleries via Autocar direct to your inbox every week. Enter your email address below:
by via Autocar RSS Feed