Chrysler is striving to turn the traditional automobile into a smart, connected device – and although it’s an innovative, exciting concept, there’s a significant downfall. Chrysler’s UConnect system, which has been installed into cars since the end of 2013, is an Internet-connected feature that controls entertainment and navigation capabilities while offering a Wi-Fi hot spot.
Sounds great, doesn’t it? Not so fast… UConnect actually has a major vulnerability – allowing anyone who’s aware of the car’s IP address to gain access, even if they’re in a far away location. This means an attacker could take complete control of your car – taking you right off the road in an instant.
The Software Bug That Puts Lives at Risk…
Charlie Miller, a researcher looking into the vulnerability, explained, “this might be the kind of software bug most likely to kill someone.” In fact, in a live demo, the vulnerability was exploited to cut off the transmission and brakes in a Jeep Cherokee.
As you can imagine, this is extremely dangerous, especially considering the attacker doesn’t need physical access to the vehicle. The attacker doesn’t even need to be in a nearby region! At the moment, researchers are withholding various details on the bug, in order to prevent the bug from being exploited.
If you’re currently driving an impacted vehicle, get to the dealership or install the patch manually using a USB immediately. Don’t wait. The patch can be downloaded here.
Author: Joe Martin, Date: 2015-07-24