A hacker who hacked up the jeep and succeeded hacking again succeeded again, and this time, by steering the steering wheel "to succeed"



In July 2015, a hacker combination that revealed that Jeep's SUV "Cherokee" can be hijacked over the network has revealed that he succeeded in hacking again. Although hacking done in 2015 was effective only in certain specific environments, this time it is "upgrading upwards" that you can handle steering wheel and brake during normal driving.

The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse | WIRED
https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/

Another successful hacking of the Jeep was two people, Cyber ​​Security experts Mr. Charlie Miller and Mr. Chris Balasek. Jeep's parent company Fiat Chrysler has been forced to respond to the 1.4 million unit recall to update the in-vehicle software, as the two publicly announced the successful hacking of Jeep Cherokee in 2015 It was.

Experimental movie stopping the air conditioner of the jeep running or turning off the engine by remote control - GIGAZINE


The problem revealed at this time is that the vulnerability that existed in software of Fiat · Chrysler's information terminal "Uconnect" installed in the vehicle allowed the air conditioner, audio and horn to be freely operated while traveling , The operation of stopping the engine while traveling on a highway was executed remotely from a place away from the vehicle.

Even with hacking as of 2015, it was possible to control important equipment of the vehicle such as steering wheel and brake, but this is only when the vehicle is traveling at a speed of less than 5 mph (about 8 km / h) per hour Or it was only when you entered auto parking mode by putting a shift into "R". This is due to the safety mechanism (safeguard) that the on-board computer checks the condition of the vehicle and cancels the operation when it is out of the condition.

Mr. Mr. Mr. Mr. Mr. Mr. Barassek pointed out that the potential dangers were resolved, but both names have discovered that vulnerability exists in the same vehicle again. Actually, the state that the handling of Jeep Cherokee's handling is being operated is contained in the following movie, but in the end it leaves the road and is stuck in the roadside belt.

Steer fast 2 - YouTube


Inside the car of Jeep Cherokee stopping on the corn field road. A driver sits in the driver's seat and another person sits on the rear seat operates the steering wheel.


The notebook PC placed in the seat is displaying logs as if it is taking logs.


When the car starts running and reaches a certain speed, when sending a command with a countdown of "3, 2, 1 ......" ... ...


The steering wheel arbitrarily bent "ぐ い っ", and the car turned to the right.


It was a driver who grasped the steering wheel in a hurry ... ...


I stopped at a sloping side street off the road. It is hard to imagine that this is an urban area, leading to a major accident.


It was a sight that seemed to shake the safety of the car from the fundamentals, but this time hacking is different from last time,Physically it is necessary for the vehicle and the PC to be connectedThat is a big difference. Specifically, it connects to the system of the vehicle via the "OBD 2" connector that can acquire vehicle information. However, even if you actually tried hacking, it is necessary to connect to the OBD 2 connector of the target vehicle, so it is said that it is unlikely that malicious hacking will be easily done easily. However, American insurance companies use a type of vehicle management device that connects to OBD 2, and the possibility that this device is first hacked remotely and further the vehicle is hacked is not zero.

In addition, it is necessary to keep in mind that the car software used for this hacking is used from the latest one for one generation old. In this regard, Fiat Chrysler emphasized that it is not possible to operate over the network, "This demonstration requires physically connecting the computer to the OBD port of the vehicle. Although praising the creativity of the name, no new method of hijacking and manipulating the vehicle remotely from the outside is shown, "commented WIRED. Furthermore, touching on the fact that the software of the vehicle is of an older generation, "When the vehicle software is updated to the latest one, it is hard to think that the same problem occurs, We emphasize sex.

As a result, it is almost certainly a vulnerability that can be avoided if it is the latest software, but the fundamental problem presented by both hackers can be any method, so if you can even take over the software, It is at the point that you can operate the vehicle freely.

It was an event that occurred in the vehicle of Fiat · Chrysler this time, but as a vulnerability common to all cars that have been digitized as well as the corresponding vehicle and software version, "making perfect software is It is necessary to have the recognition that it can not be done ", and more importantly, unlike common PC · smaho," Drivers are hard to understand how to prevent and prevent self-defense ". For that reason, the manufacturer's responsibility will be more important in the future considering the appearance of things like automatic driving cars, and should be regarded more important as "criteria at the time of discovery of security problems" as a criterion for car selection .

Mr. Mr. Mr. Mr. Mr. Mr. Mr. Mr. Mr. Mr. Mr. Mr. Mr. Mr. Barrasek are to present this vulnerability on "Black Hat 2016" of the world's largest security conference to be held from July 30 to August 4, 2016.

Black Hat | Home

in Software,   Ride,   Video,   Security, Posted by darkhorse_log