
Important Bulletin: Fiat-Chrysler Automotive UConnect Allows a Vehicle To Be Remotely Controlled

APCO International July 27, 2015 APCO, Government, Technology

IMPORTANT BULLETIN

APCO International has received a Vulnerability Note as a member of the Department of Homeland Security (DHS) National Coordinating Center for Communications (NCC) Communications Information Sharing & Analysis Center (COMM-ISAC). As this vulnerability could impact our membership, APCO is sharing the following information from DHS. This bulletin is intended for dissemination to public safety answering points (PSAPs), emergency communications centers, and public safety personnel.

Fiat-Chrysler Automotive UConnect allows a vehicle to be remotely controlled

CERT/CC Vulnerability Note VU#819439. For further information please refer to the following link: http://www.kb.cert.org/vuls/id/819439

Overview

Fiat-Chrysler Automotive (FCA) UConnect may allow a remote attacker to control physical vehicle functions.

Description

According to a WIRED news article, an unknown vulnerability in FCA UConnect software allows some functions of recent models of the Jeep Cherokee to be controlled by a remote attacker. Other FCA models (brands: Fiat, Chrysler, Jeep, Dodge, Ram) utilizing the UConnect software may also be vulnerable. FCA, in cooperation with the National Highway and Transportation Safety Administration (NHTSA), has initiated a safety recall (NHTSA campaign 15V461000, “Radio Software Security Vulnerabilities”) for all possibly affected models. These models include:

  1. 2013-2015 Ram 1500 Pickup
  2. 2013-2015 Ram 3500 Cab Chassis
  3. 2013-2015 Ram 2500 Pickup
  4. 2013-2015 Ram 3500 Pickup
  5. 2013-2015 Ram 4500/5500 Cab Chassis
  6. 2013-2015 Dodge Viper
  7. 2014-2015 Jeep Cherokee
  8. 2014-2015 Jeep Grand Cherokee
  9. 2014-2015 Dodge Durango
  10. 2015 Chrysler 200s
  11. 2015 Chrysler 300s
  12. 2015 Dodge Challenger
  13. 2015 Dodge Charger

Impact

A remote attacker could control some physical functions of a vulnerable vehicle. The WIRED article states that the researchers were able to remotely disable the transmission, and that the car had to be stopped and restarted to restore normal operation.

WIRED also reports: “Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The researchers say they’re working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in reverse. Their hack enables surveillance too: They can track a targeted Jeep’s GPS coordinates, measure its speed, and even drop pins on a map to trace its route.”

Furthermore, an attacker could remotely control “… the air-conditioning, radio, and windshield wipers.” An FCA blog post states that: “To FCA’s knowledge, there has not been a single real world incident of an unlawful or unauthorized remote hack into any FCA vehicle.”

Solutions:

Apply an update

FCA has provided an update to address this vulnerability, and has initiated a safety recall (NHTSA campaign 15V461000). Owners of affected models are advised to update their vehicle’s UConnect software immediately. Owners can perform the update themselves or take their vehicle to a dealer to perform the update free of charge.

Blocked Ports at the Network Level

Additionally, FCA provided the following statement:

“FCA US has applied network-level security measures to prevent the type of remote manipulation demonstrated in a recent media report. These measures – which required no customer or dealer actions – block remote access to certain vehicle systems and were fully tested and implemented within the cellular network on July 23, 2015.”

Threat Modeling and Secure Architecture

Complex software systems contain latent vulnerabilities. Updating software to resolve vulnerabilities as they are discovered is a necessary but insufficient defensive activity. Complex, safety-critical software systems require resilient, secure design considerations. Vehicle manufacturers should use threat models that consider skilled and potentially well-funded attackers and remote network communications. Manufacturers should also design vehicle networks to isolate or carefully limit access to safety critical systems from telematics, infotainment, diagnostic and remote communications systems.

References

  1. http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483033/RCAK-15V461-4967.pdf
  2. http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483036/RCLRPT-15V461-9407.pdf
  3. http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483034/RMISC-15V461-1264.pdf
  4. http://www.safercar.gov/Vehicle+Owners
  5. http://media.fcanorthamerica.com/newsrelease.do?&id=16827&mid=1
  6. http://wk2jeeps.com/tsb/tsb_wk2_0807215.pdf
  7. http://wk2jeeps.com/tsb/tsb_wk2_0803115a.pdf
  8. http://blog.fcanorthamerica.com/2015/07/22/unhacking-the-hacked-jeep/
  9. https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-203-01
  10. http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
  11. http://www.wired.com/2015/07/patch-chrysler-vehicle-now-wireless-hacking-technique/
  12. http://www.driveuconnect.com/software-update/
  13. http://www.autosec.org/pubs/cars-usenixsec2011.pdf

Credit

This vulnerability was publicly demonstrated by Charlie Miller and Chris Valasek, and initially reported by WIRED magazine. FCA quickly worked with the appropriate authorities to issue this vulnerability note.
