March 18, 2016

"It’s been eight months since a pair of security researchers proved beyond any doubt that car hacking is more than an action movie plot device when they remotely killed the transmission of a 2014 Jeep Cherokee as I drove it down a St. Louis highway."

Wired: Now the FBI has caught up with that news, and it’s warning Americans to take the risk of vehicular cybersabotage seriously. by Andy Greenberg

'In a public service announcement issued together with the Department of Transportation and the National Highway Traffic and Safety Administration, the FBI on Thursday released a warning to drivers about the threat of over-the-internet attacks on cars and trucks. The announcement doesn’t reveal any sign that the agencies have learned about incidents of car hacking that weren’t already public. But it cites all of last year’s car hacking research to offer a list of tips about how to keep vehicles secure from hackers and recommendations about what to do if you believe your car has been hacked—including a request to notify the FBI.

'“Modern motor vehicles often include new connected vehicle technologies that aim to provide benefits such as added safety features, improved fuel economy, and greater overall convenience,” the PSA reads. “Aftermarket devices are also providing consumers with new features to monitor the status of their vehicles. However, with this increased connectivity, it is important that consumers and manufacturers maintain awareness of potential cyber security threats.”

'The FBI and DOT’s advice includes keeping automotive software up to date and staying aware of any possible recalls that require manual security patches to your car’s code, as well as avoiding any unauthorized changes to a vehicle’s software and being careful about plugging insecure gadgets into the car’s network. Most of those tips stem directly from last year’s research demonstrations: After hackers Charlie Miller and Chris Valasek hacked the Jeep in July, Chrysler issued a 1.4 million vehicle recall and mailed USB drives with software updates to affected drivers. And the next month, researchers from the University of California at San Diego showed that a common insurance dongle plugged into a Corvette’s dashboard could be hacked to turn on the car’s windshield wipers or disable its brakes.'

"Motor Vehicles Increasingly Vulnerable to Remote Exploits" (I-031716-PSA) by Internet Crime Complaint Center (IC3) here

No comments: