Jeep Hack 0Day: An Exposed Port

  /     /     /  
Publicated : 22/11/2024   Category : security


Jeep Hack 0Day: An Exposed Port


Researchers at Black Hat USA gave details on how they were able to remotely hack and control a Jeep Cherokee.



BLACK HAT USA -- Las Vegas -- In the end, it was an unnecessarily open port that led to the infamous -- and road-tested -- hack of the 2014 Jeep Cherokee by famed car hackers Charlie Miller and Chris Valasek.
Miller and Valasek here yesterday in their presentation on
their remote hack of the vehicle
revealed the vulnerability -- a wide open port 6667 -- that ultimately led to their ability to control the Jeeps steering, braking, high beams, turn signals, windshield wipers and fluid, and door locks, as well as reset the speedometer and tachometer, kill the engine, and disengage the transmission so the accelerator pedal failed.
After studying ways to hack via the cars optional WiFi service, the researchers discovered that the Harman uConnect infotainment systems built-in cellular connection from Sprint left Port 6667 open, which  gave them a connection to the car via their smartphones on the cellular network. The researchers employed a femtocell, and after testing various distances, found they could access the vehicle some 70 miles away via the cell connection. They were able to grab the Jeeps VIN number as well.
Miller and Valasek will publish a research paper on Monday with details on exactly what they found and how they were able to wrest control of the Jeep remotely.
But their attack is now basically history--Sprint since has locked down the exposed communications port.
Theres no way to use the attack … now, Valasek said in a press briefing. We hope other researchers will take a look at other cards for vulnerabilities, he said.
Miller and Valaseks groundbreaking and somewhat unnerving research and live demonstration of their hack with a driver on an open highway sent a ripple effect through the automobile industry. Fiat Chrysler last month issued a patch, and then
a recall of some 1.4 million vehicles
affected by the security flaw --  2013 to 2015 Dodge Vipers and Ram pickups; 2014 to 2015 Jeep Grand Cherokee, Cherokees and Dodge Durango SUVs; and 2015 Chrysler 200, Chrysler 300 and Dodge Chargers and Challengers.
The National Highway Traffic Safety Administration (NHTSA), meanwhile, is investigating the effectiveness of the recall.
The researchers had kept Chrysler updated on their findings along the way, including in March when they were able to send their own CAN messages to the vehicle.
Cars got recalled. Thats cool -- hackers did something to make that happen, Miller said in their presentation.
But they say the security flaws they found in the infotainment system are not just a Fiat Chrysler issue: suppliers and telecommunications companies need to work with the automakers in these cases, they said.
Meanwhile, another pair of researchers was able to hack a Tesla S, but the attack required some physical tampering with the vehicle. The researchers will present their findings here this week at DEF CON, according to
a Wired report
.

Black Hat USA is happening! Check it out
here
.

Last News

▸ New threat discovered: Mobile phone ownership compromised. ◂
Discovered: 23/12/2024
Category: security

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Jeep Hack 0Day: An Exposed Port