Tag Archive for: Jeep

Chris Valasek on Hacking The Jeep Cherokee

/in


Podcast: Play in new window | Download (Duration: 18:11 — 25.0MB) | Embed

Subscribe: Google Podcasts | Email |

If its midsummer, it must be time for hacker summer camp. The Black Hat Briefings cybersecurity conference kicks off tomorrow in Las Vegas, after a year that saw both Black Hat and DEFCON postponed. Both conferences will be held in person and online And, after a year interrupted by the COVID pandemic, 2021 promises a return to something approaching normal – if you can look past the surging Delta Variant COVID cases in and around Las Vegas. 

With the event almost upon us, we’re running an encore edition of the podcast and looking back to one of the the most significant Black Hat presentations of all time, the 2015 demonstration of a wireless, software based hack of a Chrysler Jeep Cherokee by security researchers Chris Valasek and Charlie Miller. 

In this interview from July 2015, I speak with Chis, who was then, the Director of Vehicle Research at IOActive about the work he and Charlie did to develop their wireless attack that gave them remote control the Cherokee’s braking, steering and acceleration of late model Chrysler vehicles. (Chris is now the Director of Product Security at Cruze.)

The issue is one that has taken on even more importance in the six years since this interview aired. For one thing: the role of software in modern vehicles has only grown, with software based hands free and “autonomous” driving features now common in late model vehicles. Tesla recently released FSD v9 – an update to its “fully self driving” software that – the company admits – is a bit of a misnomer. NHTSA is investigating three dozen crashes involving vehicles using driver assistance features.  

Autonomous vehicles could save more lives than they take. That might not matter.

As it has in recent years, DEFCOn will feature a Car Hacking Village this year that brings together some of the world’s top automotive cyber experts (and a lot of tinkerers) to poke holes in common vehicle hardware and software systems. With US roads being used as a test bed and drivers filling in as “crash test dummies” for companies like Tesla,…

Source…

Opsec fail: Baltimore teen car thieves paired phones with Jeep UConnect

/in

A Nest video screen grab of a November 22 burglary led to one teen’s arrest—and the online hunt for others. (credit: @BaconisFruit)

On November 22, 2015, a group of teenagers broke into the house of a Baltimore man, stealing his bicycle and finding a spare key to his Jeep Renegade. They then took off, stealing the Jeep and taking it for a multiday joyride before abandoning it with an empty gas tank and some minor damage.

In Baltimore (as I can sadly say from personal experience), the story would usually end there with an insurance claim and a shrug. But the group of young men involved in the burglary and theft were all captured on a Nest camera as they rifled through drawers. And some of them left more potential digital evidence when they paired their phones over Bluetooth with the Jeep’s UConnect system.

One of the thieves was identified from a head shot from the camera footage a few weeks later by a school police officer and has already pleaded guilty in juvenile court. But the apprehended youth wouldn’t give police the identities of the others involved in the theft. Because he’s a juvenile, he’ll likely be released soon.

Read 4 remaining paragraphs | Comments

Technology Lab – Ars Technica

BlackBerry denies its OS was to blame in Jeep Cherokee hack

/in

Responding to an accusatory blog post, BlackBerry has again denied that its embedded operating system caused the potentially dangerous vulnerability recently demonstrated in Chrysler Jeep Cherokees.

Last month, security researchers demonstrated how to circumnavigate the in-vehicle entertainment system of the Jeep Cherokee to take over the car itself, including control of the dashboard, steering mechanism, transmission, locks, and brakes.

Over 1.4 million vehicles have subsequently been recalled to fix the problem. The dealerships will install updated software, though owners can install the update themselves.

To read this article in full or to leave a comment, please click here

Network World Security

Baby, you can hack my car: researchers take over a Jeep from 10 miles away

/in

Two renowned security researchers have discovered a way to remotely hack into and take over a Jeep Cherokee, controlling the brakes and accelerator as well as other components.
Naked Security – Sophos