Computer Security: your car, my control

We have discussed the Internet of Things (IoT) and its security implications already in past issues of the CERN Bulletin, for example in “Today’s paranoia, tomorrow’s reality” (see here). Unfortunately, tomorrow has come. At this year's Black Hat conference, researchers presented their findings on how easily your car can be hacked and controlled remotely. Sigh.

 

While these researchers have just shown that they can wirelessly hijack a Jeep Cherokee, others have performed similar studies with SmartCars, Fords, a Tesla, a Corvette, BMWs, Chryslers and Mercedes! With the increasing computerisation of cars, the engine management system, air conditioning, anti-lock braking system, electronic stability programme, etc. are linked to the infotainment, navigation and communication systems, opening the door for these vehicles to be hacked remotely. The now prevalent Bluetooth connection with smartphones is one entry vector to attack your car remotely. A second is the built-in GSM modem, which is even part of a new legal requirement in EU states for cars to be fitted with the ability to make automatic emergency calls (eCalls). The aforementioned researchers found a vulnerability in the Fiat/Jeep “Uconnect” GSM feature that allowed them to connect to a Jeep Cherokee remotely, manipulate its firmware, and, finally, take full control of the radio, the air con, and even the accelerator! Definitely not something you want to experience on the motorway… The other findings concerning Fords, Teslas, and Corvettes are no less worrying…

So, computer security problems that were prevalent in PCs in the 1990s and spread to industrial control systems in the 2000s (see our article “Hacking control systems, switching lights off!”) are now entering our daily life (“Our life in symbiosis”)! And while patching CERN’s LHC control systems is already a big and complicated effort, how is your security at home? For your car? For your fridge? For your home entertainment system?

P.S. If you own a Jeep Cherokee, a patch for this flaw is available here. European models are said not to be affected.


For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report.


Access the entire collection of Computer Security articles here.

by Stefan Lueders, Computer Security Team