Remember a few weeks ago when I was (sort-of-tongue-in-cheek) writing about IoT security being so bad that hackers could take control of any "smart" device out there, including cars? Well, as it turns out, in some cases they already can.
As WIRED tells us, some white-hat hackers have figured out how to compromise the M2M system used by hundreds of thousands of Chrysler cars on the road today, giving them the power to mess with climate control settings, change radio presets, and even turn the vehicle off while it's barreling down a highway at 70 miles per hour.
While GM and others have had systems like OnStar in place for well more than a decade now, those systems frequently combined proprietary software with (relatively) exotic hardware and network infrastructure, making it harder (or at least less worthwhile) for hackers infiltrate. Since Chrysler's approach uses the plain ol' Internet as a carrier medium, the target is both jucier and more accessible to hacker groups, whether they're wearing a white, black pr other-colored hat.
It's hard to imagine that a big company with so much to lose would pick anything other than de rigeur security standards like client certificate authentication and 2-way symmetric encryption of all data with some big cipher, but since the hackers have so far been mum about the exact nature of the hack, we can only speculate that there is some protocol violation or roll-your-own security vulnerability that they're exploiting.
My guess is that the hackers were able to gain entrance due to some glitch brought about because Chrysler uses the same cellular communications channel for both their M2M system and their infotainment unit. The company has obviously been tight-lipped so far, though does not appear to be particularly worried about the vulnerability (which will change after the first fatality, no doubt). Congress is due to start debating some new regulations for car IoT security in the coming weeks.
UPDATE: The company decided this might actually be a big problem after all, and has issued a recall notice for 1.4 million affected vehicles. This makes Wink's gaffe look like small potatoes in comparison.