Ahhhh I knew nothing of that, I try not to follow news etc it just depresses me
I haven't seen a Chrysler since they had magnetos and a chuffin' great Blower
So that Chryslers stuff is a bit like Mercedes latest stuff then
That story I mentioned about that Jeep being hacked is actually funnier than it sounds.
So imagine this. It's 2012-2013. Tesla is getting all the publicity and rage, Elon is constantly in the news about how he listened to people complaints on twitter and then ordered a OTA update to all tesla that fixed the complaints.
Sentry mode, dash cam mode, and the pet mode were all OTA update and as a direct result of Elon monitoring twitter feed.
So Chrysler execs were feeling all butthurt and left out, so they decided that their next gen cars will be also OTA too! Just like Tesla! After all, Tesla is not the only one who can do it, Chrysler can do it too! And so they did. For a time, their new refreshed Dodge Rams, Cherokees, Chargers, Challengers, etc could receive OTA updates for various things like navigation updates, radio updates, even recall updates that require flashing modules. All done OTA. All was good for a time.
Until a white hat hacker (so called ethical hacker that finds vulnerabilities in a system and reports it to the owner of that system) noticed something odd. If he took the VIN of any of those new cars and ran it through an algorithm, he could stumble on the unique IP address of that particular car. In other words, he could communicate with the car with a laptop from anywhere in the world.
Then he found a zero-day exploit -- a very severe bug -- that effectively gave him full admin rights over the car. So he effectively had full access to the car. And he noticed something even more interesting -- as long as he had the vin of ANY Chrysler car, which was easy given that they're located under the windshield, he could just remote in that car from anywhere, and as long as the car had reception from the cell tower, he could do anything. Remote start? Turn on AC? Actuate brakes? Even control the car and drive it like a RC? This is literally something straight out of a spy movie.
And so being a white hat, he reported it to Chrysler. They thanked him for the report....and nothing happened. 2 months. 6 months. 1 year. Zero updates. Zero fixes to this absurdly massive issue. Nothing. And so Chrysler happily announced a new refresh on the Jeep Grand Cherokee. A facelift, but largely based on the same tech as previous pre-facelift.
And so this white hat spoke with a journalist who was going to review the car, and obtained his permission to remote into this JGC while the journalist was driving it. And just like that, while the journalist was driving it, the white hat took over the car (remember the journalist was on in it too, he was fully aware of it) and then disabled brakes, steering, throttle, AC...everything. And took over the system, accelerating the car to 70 mph, then applied full brakes to a standstill (empty deserted road), and then did a couple U turn while the journalist tried everything to regain control. The white hat was in a coffee shop having a nice espresso while doing all of this.
The resulting shitstorm after the journalist published his article.....oh boy.
The reason why it was so easy to bypass the security? Chrysler was being Chrysler, and they cheaped out on the programming and outsourced it to India. I'm not even kidding. Tesla at least was a software company that ventured into cars, and they knew the risks, so they built many checks and balances against outside intrusions. Chrysler was a car making company venturing into software, and they brought the mentality of producing cars on the cheap with them too.
That's how we have this abomination of CGW, and that's why there's a healthy aftermarket support to bypass it because well, Dodge fanboys are gonna Dodge fanboy and they still wanna tune and mod their cars.
