Monday, July 27, 2015

OnStar, UConnect or any other remote assistance capability leaves your car open to hacking.

In other news, d'uh!   Given that GM have been able to remotely start and stop cars via OnStar for years, it should come as no surprise to anyone that Jeep's UConnect is the latest remote assistance system to fall prey to hacking. Following successful demonstrations of how Ford and Toyota's systems can be remotely accessed, now we know it's more than just honking horns and flashing headlights. Now we know that brakes can be disabled, steering inputs can be changed, and transmissions can be killed.
How? Simple - all new cars use a centralised data communication system called CANBus. Everything is on there from the engine management system to the radio. Naturally this means the cell network connection for remote assistance can access the same onboard network, which ipso facto means that's the way into your whole car's brain for anyone with enough skill.
And these two guys gleefully demonstrate how easy these sort of hacks are: Hackers Remotely Kill a Jeep on the Highway This naturally isn't limited to GM, Chrysler, Ford and Toyota. It's just that those are the only ones that have been publicly demonstrated up to this point. Mercedes, Land Rover, GMC, Dodge, VW, Audi, Volvo - you name it - they all have remote assistance functions to call the emergency services, or that let you remote start your car, or set the climate control before getting in.
And the mere fact that this outside connection exists means that it should come as no surprise to anyone as each and every one of these systems falls to hacker demonstrations.