Image Credits: Wired |
According to a report published on Wired, zero-day exploit for Chrysler vehicles allow hackers to control everything from the engine to the air-conditioning over the Internet, overriding the driver at the dashboard.
It has been found out that the Uconnect software, which manages the vehicle’s entertainment and navigation systems, provides a Wi-Fi hotspot, and allows drivers to make phone calls. It is said that if anyone who knows the car's IP address can hijack the car.
In the report, Andy Greenberg, senior writer, explained that he signed up to be a guinea pig for security researchers Charlie Miller and Chris Valasek. He was strapped into a Jeep and directed to head onto the highway. From 10 miles away, Miller and Valasek proceeded to hack into his car's software, toggling the windshield wipers, blasting the radio, and, eventually, cutting the transmission.
“Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun,” Greenberg said.
After that, the hackers successfully took over the jeep’s brakes as a result it went into a ditch.
“Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch. The researchers say they’re working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in reverse. Their hack enables surveillance too: They can track a targeted Jeep’s GPS coordinates, measure its speed, and even drop pins on a map to trace its route,” he explained.
According to the news report, on Tuesday Senators Ed Markey (D-Massachusetts) and Richard Blumenthal (D-Connecticut) announced legislation that would ensure automobile companies to meet privacy measures to protect against cyber attacks.
In order to prevent the car hacking, Miller and Valasek reported about the flaw in the vehicles to the company concerned, months ago.
The Chrysler has come up with an updated version of the software however, the company has to manually download it and upgrade their cars through a USB drive.