Incident shows risk of cyberattack through car's Internet access Two hackers successfully gained access to a Jeep Cherokee recently and were able to take control of the car’s radio and windshield wipers and eventually shut the car down.Drivers need not panic though, the hackers were security experts who took a year to figure out how break into the car’s computer systems. Still, they warn that such an act could occur on hundreds of thousands of cars on the road today.The car was being driven by Andy Greenberg, a writer for the online magazine Wired, which collaborated with the two security experts to show how they could wirelessly take control of the 2015 model’s vital functions from 10 miles away.The two hackers, Charlie Miller a former NSA hacker and security researcher for Twitter, and Chris Valasek, research director at the security consulting firm IOActive, informed Chrysler of the vulnerability so the auto maker could patch the flaw. The hackers gained access to the car through a cellular network connection to the Jeep’s infotainment system while Greenberg was driving on a highway in St. Louis.Miller and Valasek found a remote vulnerability in Chevrolet’s UConnect telematics system. From there, they were able to gain access to the car’s other computer systems through an Internet connection over Sprint’s cellular network. (Car makers often collect data on vehicles through cellular networks to inform drivers of the need for maintenance or repairs.) “”We gained access by exploiting a vulnerability that was present on the head unit (i.e. the radio/navigation thingie) that was accessible over the Internet, Miller said. “It did not require any physical access or changes to the vehicle.”While the flaw that led to the hack is found only in the Chrysler UConnect head unit, there are probably similar types of security vulnerabilities in other car maker’s telematics systems, Miller said.While the hack of a running car on a highway is alarming, there are steps that can be taken, and are under way, to make cars more secure:Auto makers need to isolate a car’s driving functions from infotainment systems;Auto makers could upgrade software to detect malicious messages and order critical vehicle systems, such as brakes, to ignore them;There’s an effort in Congress to require auto makers to install technology that protects drivers against vehicle cyberattacks.The ideal solution, Miller said, is an intrusion detection system for the car that can detect, report and stop hacking attempts in real time.On a more positive note, these types of attacks from malicious hackers are unlikely because there is little to gain financially and the hacks take a lot of work. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe