Skip to main content

Five years later, GM fixes a huge connected cars vulnerability

It took GM five years to fix a vulnerability which allowed hackers to basically take full control of a vehicle, except for the wheel.

They could activate breaks at high speeds and surreptitiously track vehicles.

The vulnerability was first discovered back in 2010, but was fixed only now. The catch is that the auto industry only recently caught up to the threat hacks and vulnerabilities pose to connected vehicles.

"The auto industry, as a whole, like many other industries, is focused on applying the appropriate emphasis on cybersecurity," GM chief product cybersecurity officer Jeff Massimilla told Wired. "Five years ago, the organization was not structured optimally to fully address the concern. Today, that’s no longer the case."

The security of connected vehicles is a hot topic lately, especially as the test vehicles pick up steam and start showing up on the roads.

We recently reported how hackers could abuse the LIDAR system which the car uses to scan its surroundings and make it schizophrenic, seeing other cars and obstacles which aren’t there.

Before that, the media reported how hackers managed to hijack a Cherokee Jeep while it was riding down a highway, and drive it to a complete stop.

A veteran security expert duo used a feature in the Fiat Chrysler telematics system Uconnect to break into a Jeep Cherokee being driven on the highway by a reporter for technology news site

First they turned on the Jeep Cherokee’s radio and activated other inessential features before “rewriting code embedded in the entertainment system hardware to issue commands through the internal network to steering, brakes and the engine.”