Got internet? Then you will probably have read about the Jeep Cherokee hack performed by Charlie Miller (Security Engineer, Twitter) and Chris Valasek (Director of Vehicle Safety Research, IOActive) while Andy Greenberg (Senior Writer, Wired) was driving. If not watch the video below!
The two hackers have been able to access the car wirelessly and to perform highly dangerous tasks like disabling the brakes and cutting off the engine. Even more concerning, Miller and Valasek claim that it would easily be possible to hack nearly any other 2014/2015 Chrysler model equipped with the UConnect feature with their code; all that’s required by the hacker is the IP address of the car.
Performing the hack did take the two specialists several months – this thought might be a little comforting. However many hackers and groups of hackers start with ambitious projects like this in order to get attention which helps them to land a good job discovering security gaps for companies. Even more dangerous are hackers who break into soft- and hardware of electronic objects with a political, radical or other criminal motivation with no intention of turning “good”.
There are enough risks which justify a closer look on what went wrong at Chrysler and how this translates into the IoT.
The key questions arising from the incident for complex systems are
- What is connected?
- How much is security worth?
- How much effort to hack your system is too much effort to make it attractive to attack?
- How to ensure safety over time?
The first major problem with security especially regarding modern vehicles is to answer the question “what is connected?”. Hacking the UConnect is not necessarily a life-threatening risk as turning up the volume, displaying a different picture on the navigation screen or making calls via the infotainment system won’t result into an accident. However in the Jeep case Miller and Valasek were able to use the system as wireless entry point and modify the firmware in order to access the car’s internal computer network, known as a CAN bus. Through this connection they were able to interfere with the physical components of the Cherokee like the engine and the brakes.
Accessing the CAN of a car without the UConnect would require physical access to the vehicle. The security of a system therefore depends on the security levels of all objects and devices which are part of it. This means a system can only be as secure as the “weakest” part of it – which in this case was the UConnect.
Securing everything can be complex and raises the question “How much is security worth?” The UConnect itself would not need any highly-sophisticated security. Placed in a car – a system with many other connected applications – it does. However it is hard to convince customers to pay more more for an infotainment system than they already do. This makes the work from Miller and Valasek very important as it might help to create some awareness for security and its necessity.
The Jeep Cherokee interior with UConnect (image: Fiat Chrysler Automobiles)
Assuming your security budget is flexible enough to implement advanced security technology you will need to get a clear picture about “How much effort to hack your system is too much effort to make it attractive to attack”. There is no 100% secure solution for any connected system. In case of the Jeep, spending several months to hack into the vehicle, could still be attractive as the effects which you can generate are fatal. For a cyber-terrorist this is the dream – especially as the malicious software code can be used to hack multiple cars if the attacker knows their IP addresses. For the customer this is a nightmare.
Chrysler’s biggest mistake is that they had a secure car and then developed a WiFi-entertainment option which was secure enough for its initial purpose but not for the system in which it was embedded.
In order to resolve the issue the car has to be updated via USB stick or by your car dealer. This imperfect implementation of security shows exactly how important it is to plan in advance “how to ensure safety over time?”. Only tech savvy Jeep owners will download the software, copy it to a USB stick and plug in into the car’s dashboard in order to install it. In addition many drivers will not worry enough to take their car to a service station leaving thousands of cars exposed to a possible hack.
How to do updates the “right” way is demonstrated by Tesla. Start the car, get a notification, press yes – that’s it! The software is installed on the go, wirelessly and without extra effort.
In Chrysler’s case it would also have been a possible measure to add hardware security between UConnect and the CAN bus of the vehicles. With a sophisticated solution this could have prevented wireless access at least to the most dangerous parts of the car.
cover picture credit: Fiat Chrysler Automobiles