This article is specific to Chrysler vehicles, but I have seen videos where DARPA admits they can do it with almost all new vehicles.
http://www.theverge.com/2015/7/21/90...ity-car-hijack
http://www.theverge.com/2015/7/21/90...ity-car-hijack
Chrysler's UConnect system uses Sprint's cellular network for connectivity, so researchers were able to remotely locate cars by scanning for devices using that particular spectrum band. Chrysler has been including UConnect in cars since late 2013, and any cars that use the system are likely to be vulnerable to the attack. There's no apparent firewall, so once attackers have located the device's IP, they can deploy previously developed exploits to rewrite Uconnect's firmware and control the car as if they had physical access. The result is that once an attacker has a car's IP address, she can target it from anywhere in the country.
In a live demo, attackers used the vulnerability to cut out a Jeep Cherokee's transmission and brakes and, when the car is in reverse, commandeer the steering wheel — all without physical access to the vehicle.
Comment