By now, maybe you’ve heard about this pair of security researchers who remotely exploited a new Jeep Cherokee to make it do very unsafe things for a Wired magazine article. I felt compelled to write a follow-up article. As some of you may know, I work in IT. I have an interest in IT security because it’s part of my job, for one, and because it presents a really fun challenge on both sides: the thrill of circumventing security, and the thrill of finding the right way to prevent that sort of unauthorized access. I enjoy both sides of the coin. Many of the rest of you may find it interesting as well, given the sort of person who’s into vehicle modifications. With the right training, you’d probably find it as fun as I do. A lot of the concepts you use in modifying your Jeep apply to many other technical fields; IT and IT security are no different. My ties to the IT industry and to the community of Jeep enthusiasts, I feel, make me at least somewhat qualified to take this hack, which is shocking and very interesting from both the automotive side and the IT security side, and try to bring it into a form that the average Jeep owner can digest.
Attack surface is an easy way of stating what target you’re aiming for. Imagine you’re building a castle, and you want to keep guys with pointy spears out. You build a big wall, as smooth as possible, and high enough that the guys with spears can’t get over it or throw their spears over it. The gate in the wall that lets your people get in and out might be called the attack surface. It’s the weakest point because, by design, it has to be able to open and close.
So in this case the attack surface is a combination of a few very poorly engineered pieces of technology: uConnect and Internet accessibility. The Wired article doesn’t go into much detail here, but I’m making a few educated guesses from what I know about both sides of this. First, uConnect has several models. The higher-end models apparently have the ability to connect to the internet via a Sprint cellular connection. Now, I had a 2013 JK with a base model uConnect with Bluetooth connectivity. I’m pretty certain that this vehicle had nothing that connected it to the internet. I suspect that this is a feature that comes with the higher-end models, and even then I’ve heard that it’s a subscription-type service that you have to opt in to. This may mean that if you’re not paying for that added feature, or you didn’t buy your vehicle with that capability, you’re “safe”. And I say “safe” in that you’re not as susceptible as someone who has that cellular uplink. Why? Well, because there’s no uplink to the internet!
This, in my opinion, is the biggest flaw in the design. The security here is based solely on obscurity. No one knows what to look for, and so no one knows that it’s there. It’s like hiding a diamond at the bottom of a ball pit. No one knows that there’s a diamond down there, so no one looks for it. Until someday someone has a great idea that maybe there’s something awesome at the bottom of the ball pit, and goes looking. Well, that’s what happened here. They found out about the Sprint link, and decided to go looking. What they found was a very poorly protected network of cars, all over the US, just waiting to be broken into.
So the attack goes something like this: The attacker scans the Sprint network for an IP address that looks like it fits the signature of one of these devices. I’d imagine that the researchers figured out what one of these vehicles looks like based on what services they’re running. Then they connect to the IP address of the vehicle’s cellular link, which gets them into the car. Once they’re in there, the security is non-existent! This is the real failure. This is where auto manufacturers really need to get their act together. These cars are like little computer networks. There’s a network that handles entertainment, another for basic functions like your windshield wipers, your horn and whatnot, and then there are the essential components, like your transmission, brakes, motor, and steering. Newer cars that are mostly drive-by-wire make it so that every single input that the driver makes into the car is just a digital signal that is sent to the car’s computer, and acted on.
The real problem here is that all of these various “networks” are interconnected. So your uConnect is sitting logically right next to the controls for your brakes and steering. An attacker can get into your vehicle’s network via this Sprint link, and once they’re there, getting to other functions of the car is simple. In this case they re-wrote a chip in the uConnect to act as an interface to the vehicle’s CAN bus, which apparently is the network that controls all of the car’s functions.
So what does this mean?
There are a ton of problems here. Best case? It means that car thieves now have one more high-tech means of stealing your car. Worst case, well, let’s just say I’d hate to see what would happen if someone bent on causing mayhem got ahold of this technology. They could cause mass panic, and lots of injuries if they suddenly could run any vehicle they wanted off the road, or into buildings or something.
So what can be done?
Short term? Auto manufacturers need to be smart, and close off the remote access, which I suspect is what Fiat is doing with the patch they’ve released. Long term, though, they really need to step up their game. If you’re going to build these tech-laden cars, you need to start to employ the same security measures that the IT industry has been perfecting for years. Don’t let critical systems and user-facing systems communicate with each other. Why on earth would your entertainment system need to be able to interact with the network that controls your car’s brakes!?
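The separation argued for above, as an added example (not code from the Wired article, the researchers or any manufacturer): a gateway between the car’s networks that forwards a message only when an explicit rule allows it, and never forwards anything from the entertainment side to the critical side. The segment names, message IDs and lengths are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The article's three in-car "networks"; the names are assumptions. */
typedef enum { SEG_INFOTAINMENT, SEG_BODY, SEG_CRITICAL } segment_t;
typedef struct { uint16_t id; uint8_t dlc; uint8_t data[8]; } can_frame_t;
/* One allowlist entry: frame `id` with length `dlc` may cross src -> dst. */
typedef struct { segment_t src, dst; uint16_t id; uint8_t dlc; } rule_t;

/* Constructed policy: hypothetical IDs, not real Jeep or uConnect values. */
static const rule_t POLICY[] = {
    { SEG_CRITICAL,     SEG_INFOTAINMENT, 0x3E8, 2 }, /* speed, for display */
    { SEG_BODY,         SEG_INFOTAINMENT, 0x2A0, 1 }, /* door-ajar status   */
    { SEG_INFOTAINMENT, SEG_BODY,         0x2B4, 1 }, /* cabin light dimmer */
};
static unsigned long dropped[3]; /* per-source drop counts, for alerting */

/* Default deny: forward only on an exact (src, dst, id, dlc) match. */
bool gateway_allows(segment_t src, segment_t dst, const can_frame_t *f)
{
    if ((unsigned)src > SEG_CRITICAL || (unsigned)dst > SEG_CRITICAL)
        return false;
    bool ok = false;
    /* Hard rule ahead of the table, so a bad table edit cannot open a path
       from the entertainment side to brakes, steering or transmission. */
    bool forbidden = (src == SEG_INFOTAINMENT && dst == SEG_CRITICAL);
    /* Only standard 11-bit identifiers (<= 0x7FF) are considered. */
    if (f != NULL && src != dst && !forbidden && f->id <= 0x7FF) {
        for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++) {
            const rule_t *r = &POLICY[i];
            if (r->src == src && r->dst == dst &&
                r->id == f->id && r->dlc == f->dlc)
                ok = true;
        }
    }
    if (!ok)
        dropped[src]++;
    return ok;
}

unsigned long gateway_drops(segment_t src) { return dropped[src]; }

int main(void)
{
    can_frame_t f = { 0x3E8, 2, { 0 } };
    printf("critical->infotainment: %d\n", gateway_allows(SEG_CRITICAL, SEG_INFOTAINMENT, &f));
    printf("infotainment->critical: %d\n", gateway_allows(SEG_INFOTAINMENT, SEG_CRITICAL, &f));
    return 0;
}
```

The drop counter is the detection half of the control: a rising count from the entertainment segment means something there is sending traffic the design never called for.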
It’s not time to sell your car and start riding a bicycle, though. There is good news, and that is that of the millions of cars on the road, only a small subset of them are affected. From what I’ve been able to gather, there are a few pieces that need to be in place.
1. Your car has to be connected to the internet. This is optional, and not every Jeep rolling off the line has this feature.
2. Your car has to be new enough that it’s drive-by-wire. The real scary stuff happens when your car’s software is what’s driving your car (usually based on your input). My 2005 LJ, for example, is not a problem; it’s too old. My 2013 JK might have been a problem, if it had been internet connected.
The downside here is that these features are getting more and more popular. People want them, and they’re only going to get more prevalent.
Remember, these guys aren’t the bad guys
I hate hearing the negative connotation that comes with the word “Hacker” from most media outlets. Wired did a great job in painting these guys as exactly what they are: smart guys who poked at something interesting, found a really scary problem, and then reported it to the guys who can fix it, BEFORE going to the public with it. You need to remember that in many cases, going public is the only way to ensure that the manufacturer will do anything about the problem. Otherwise they won’t take it seriously, and they’ll just pull the hoods back down over their eyes, convincing themselves that no one else will ever figure it out.