‘UConnect’ is an infotainment system that brings interactive ability to the in-car radio and telemetric-like controls to car settings.
There has a vulnerability been identified which, on being exploited, can really mess with your car controls. A group of Vulnerability researcher has displayed how to remotely hack such a system, sitting in a room miles away.
A vulnerable element in UConnect device, lets anyone who knows the car’s IP address gain access from anywhere via the Sprint cellular connection used by Uconnect. At first, hacker is very much capable to rewrite the car’s head unit firmware to implant the malicious code, which is capable of sending custom commands through the CAN bus, the car’s internal computer network, to the physical components like the engine and wheels.
The code that rewrites the chip’s firmware is not disclosed by this researcher’s group but shared the information with the vendor company instead to release patches.
These researchers have shown that anything and everything that is on web can be compromised.
Based on this one incident, we can establish at least two facts:
One is that automobile industry should now make Security play a central role and second is that it is high time for a new legislation to tighten the car’s protection from cyber attacks.
by Punit Dwivedi