Bloomberg News report
SAN FRANCISCO (July 31, 2015) — The Jeep Cherokee brought to a halt by hackers last week exposed wireless networks as the weakest link in high-tech vehicles, underscoring the need to find fast over-the-air fixes to block malicious intrusions.
Features that buyers now expect in most modern automobiles, such as driving directions and restaurant guides, count on a constant connection to a telecommunications network. But that link also makes cars vulnerable to security invasions like those that threaten computers in homes and businesses.
“The Jeep case was a great example of how it's not about the vehicle itself, but the network,” said Thilo Koslowski, an automotive-technology analyst at Gartner Inc. “Once these systems are connected to the outside and start to talking to each other, that's when the problems start.”
The hack forced Fiat Chrysler Automobiles N.V. (FCA) to recall 1.4 million vehicles and ask Sprint Corp. to issue a temporary fix over its network. In that controlled demonstration, two security experts accessed the Jeep's Uconnect infotainment system via Sprint's network, hijacking basic functions and stopping the vehicle from miles away.
The duo are scheduled to show their feat again at the Black Hat USA 2015 hackers conference in Las Vegas, which starts Aug. 1.
While previous hacking demonstrations took place with a direct cable link into cars' diagnostics ports, the over-the-airwaves hack by Charlie Miller and Chris Valasek, conducted for Wired magazine, required no physical access to the Jeep to shut it down.
Messrs. Miller and Valasek informed FCA of the flaws they exploited, giving engineers time to make fixes. When they discuss the car hack again at Black Hat on Aug. 5 in Las Vegas, security professionals will get a look at the duo's discoveries, while auto makers and telecom companies will get a peek into a possibly unpleasant future.