You've read about the hacking of a Chrysler product. A couple of white-hat hackers were able to play with the wipers and brakes of a car from several hundred miles away. They reported the vulnerability to Chrysler.
And then Chrysler went cheap-o to fix it.
...Rather than simply treating the software patch as a traditional recall (i.e. requiring them to visit a service center and have an expert make the fix), Fiat Chrysler is mailing a USB thumb drive to owners of the affected cars. From there, the cars' owners can plug the USB drive into the cars' USB port to patch the software vulnerability. This seems like a convenient way to issue a recall for something that car owners can fix themselves.
However, as anybody with cybersecurity experience would well know, this opens a huge procedural window for hackers who may be inclined to exploit the vulnerability to take control of the car. Carl Leonard, principal security analyst at Raytheon Websense, says this creates an easy social engineering opportunity and uses a notoriously vulnerable distribution method in the USB drive....
The friggin' US MAIL!!?!!???
Uh-huh. No wonder Chrysler is begging for a merger with another automaker which actually has a pocketbook.