2010 Jeep Liberty 4x4 Sport Am/fm Cruise Sunroof Aux Auto One 1 Owner Cln Carfax on 2040-cars

Auto blog

Jeep in St. Louis hacked from Pittsburgh

One of America's most popular vehicles contains a security flaw that allows hackers to remotely commandeer it from anywhere on the planet. Cyber-security researchers Chris Valasek and Charlie Miller say they've accessed critical vehicle controls on a 2014 Jeep Cherokee that allowed them to remotely control critical vehicle functions like braking, transmission function, and steering. Automakers have downplayed the possibility a car could be remotely compromised, but the significance of the findings detailed Tuesday could cause them to reevaluate the threats posed to hundreds of thousands of vehicles already on the road. A key finding – the pair needed no physical access to the Jeep to pull off the attack. Valasek and Miller accessed the controls via a security hole in the Sprint cellular connection to Chrysler's UConnect infotainment system. In the course of their research, Valasek sat in his Pittsburgh home and remotely manipulated Miller's Jeep as he drove along a highway outside St. Louis. If you know a car's IP address, they say, a hacker could control it from anywhere. "We didn't add anything, didn't touch it," Valasek told Autoblog. "A customer could drive one of these things off a lot, and they'd have no clue it had these open attack surfaces." Remotely, he disabled brakes, turned the radio volume up, engaged windshield wipers and tampered with the transmission. Further, they could conduct surveillance on the Jeep, measuring its speed and tracking its whereabouts. They conducted the experiments over multiple breaches. They made their findings public on the same day the National Highway Traffic Safety Administration, the federal agency in charge of vehicle safety, released its latest report on the readiness of government and automakers to fend off these sorts of cyber attacks. Later today, two US Senators are expected to introduce legislation that would help consumers better understand the potential risks of car hacking. In the early stages of their research, Valasek and Miller found a security flaw in the car's wi-fi that allowed them to remotely manipulate controls from a range of about three feet. But in recent months, they found another vulnerability in the Sprint cellular connection in the UConnect system. That was a key breakthrough. "Lo and behold, we found we could communicate with this thing using cellular, and then more research, and 'Holy cow,' we're using the Sprint network to communicate with these vehicles," Valasek said.

Are future vehicular hacks inevitable?

Before the hack of the Uconnect system in a Jeep Cherokee resulted in a 1.4-million vehicle recall, the potential software vulnerabilities in vehicles were already a hot topic with Congressional inquiries and even proposed legislation in the US. As cars' interconnected systems gain the ability to go online, they become open to a host of new threats. Automakers are trying to stop this, but it might be too late to put the genie back into the bottle. Throughout 2015, the issue of software security in vehicles has become increasingly vital. For example, the recent Jeep case wasn't even the biggest hack this year. In February, a major flaw was discovered in the BMW Connected Drive service that allowed researchers to remotely lock and unlock the doors and potentially affected 2.2 million cars. The fix was an over-the-air patch for the problem. Automakers are actively working to fix the issues. Mercedes-Benz, BMW, and Audi reportedly are using encrypted connections and firewalls in their vehicles to prevent hacking. "Absolute, 100-percent safety isn't possible," Daimler spokesperson Benjamin Oberkersch said to Automotive News Europe. "But we develop our systems, tested by internal and external experts, so they're up to date." These vulnerabilities seem to be popping up more often. A successful hack took $14 in parts from Radio Shack in one case. There was also a 60 Minutes report earlier in the year about DARPA's ability to hack into OnStar to take control of a Chevrolet Impala. Experts aren't so sure companies can contend with hackers' advancement. "The difficulty for the carmakers at the moment is the question whether they can keep pace with advances in technology, and especially hacking technology," Rainer Scholz, executive director for telematics consultant EY, said to Automotive News Europe. "We seriously doubt they can." At this point, vehicle hacks are coming more from researchers looking for holes than from those with malicious intent. Still, the vulnerabilities are definitely there. It's up to automakers to keep patching the problems before they become dangerous to drivers. Related Video: News Source: Automotive News Europe - sub. req.Image Credit: Bill O'Leary / The Washington Post via Getty Images Audi BMW Jeep Mercedes-Benz Safety Technology Emerging Technologies hacking cyber security

SEMA crowns Mustang, FR-S as this year's hottest cars in the building

After wrapping up the first day of the 2012 SEMA Show, organizers handed out awards for some of the trendiest vehicles on display. Since the whole point of SEMA is to show off new products available in the aftermarket world for use in cars, trucks and SUVs, each year, the show distinguishes the most popular vehicle in various segments. Not surprisingly, this year's Hottest Car and Hottest Sport Compact are the Ford Mustang and Scion FR-S, respectively, while the Ford F-Series brought home the Hottest Truck and the Jeep Wrangler was named the Hottest 4x4-SUV.
More than 2,000 companies are at this year's show, and the display booths represents a "vote" for each car to determing the trendiest vehicles in each of the four categories. It isn't clear if these awards also take cars brought by OEMs into account, but the Mustang and FR-S were definitely well represented by both OEM and aftermarket show versions.
As usual, the OEMs showed up in force at the this year's SEMA Show exhibiting a variety of cars ranging from production-intent cars like the beastly Ford Mustang Cobra Jet to much flashier rides like Scion's Carbon Stealth FR-S.