... it turned out, the Wi-Fi password for Chrysler’s cars is generated before the actual time and date are set, and is based on the default system time plus the few seconds during which the head unit boots up.
The multimedia system is not connected to the CAN bus directly. This is what all the manufacturers refer back to when it comes to the IT security of cyber-physical systems: there is isolation, they say, an air gap between the connected and the physical parts of these systems.

As it turned out, this air gap is not that thick, at least in Chrysler’s cars. Although the multimedia system’s controller can’t communicate directly with the CAN bus, it can communicate with another component that is connected to the CAN bus: the V850 controller. A “he knows a guy who knows a guy” situation, simply put. The researchers discovered that they could replace the V850 controller’s firmware with their own maliciously crafted version through the connection to the multimedia system’s controller. This firmware ‘upgrade’ can be done without any checks or authorization. Even if there were authorization, the researchers found a couple of vulnerabilities that make it possible to take control of the V850 controller.

And that was it: after this move, Miller and Valasek were able to send commands over the CAN bus and make every — every! — component of the car do whatever they wanted. They were able to control the steering wheel, engine, transmission and braking system, not to mention dull things like the windscreen wipers, air conditioner, door locks and so on. Moreover, they were able to control all these things completely remotely, over the Sprint cellular network.
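The V850 flashed whatever image the head unit handed it. The sketch below is an added example (not code from the researchers, Chrysler or this blog) of the gate that was missing: authenticate the image, then refuse rollbacks. The image layout, key and function names are assumptions, and HMAC stands in for the asymmetric signature a production design would use so that the controller holds no signing secret.

```python
import hashlib
import hmac
import struct

# Constructed image layout (an assumption, not the real V850 format):
#   4-byte magic | 4-byte big-endian version | payload | 32-byte HMAC-SHA256 tag
MAGIC = b"FWUP"
TAG_LEN = 32
HEADER = struct.Struct(">4sI")


class UpdateRejected(Exception):
    """Raised when an image must not be flashed."""


def package_image(key, version, payload):
    """Vendor side: build an image and append its authentication tag."""
    body = HEADER.pack(MAGIC, version) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def accept_update(key, installed_version, image):
    """Controller side: return the new version only if the image may be flashed."""
    if len(image) < HEADER.size + TAG_LEN:
        raise UpdateRejected("image too short to carry a header and tag")
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    # Authenticate first, so no sender-controlled field is parsed unverified.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise UpdateRejected("authentication tag mismatch")
    magic, version = HEADER.unpack_from(body)
    if magic != MAGIC:
        raise UpdateRejected("unexpected magic")
    if version <= installed_version:
        raise UpdateRejected("version not newer than installed (rollback)")
    return version


if __name__ == "__main__":
    key = bytes(range(32))  # constructed demo key
    good = package_image(key, 7, b"constructed firmware payload")
    forged = good[:12] + b"X" + good[13:]  # one payload byte altered
    for name, image in [("good", good), ("forged", forged), ("unsigned", good[:-TAG_LEN])]:
        try:
            print(name, "-> flash version", accept_update(key, 6, image))
        except UpdateRejected as err:
            print(name, "-> rejected:", err)
```

A gate like this is one layer only: the article notes that the researchers also found vulnerabilities that would give control of the V850 even with authorization in place.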