Recently we wrote about the now-famous hack of a Jeep Cherokee. At Black Hat USA 2015, a large security conference, researchers Charlie Miller and Chris Valasek finally explained in detail, how exactly that hack happened.
At the start of their research Miller and Valasek tried to hack the multimedia system of Jeep through Wi-Fi connection — Chrysler, the manufacturer of the vehicle, offers this option by subscription. It turned out, that it isn’t that hard to hack this Wi-Fi due to the fact that the Wi-Fi password is generated automatically, based on the time when the car and it’s multimedia system — the head unit — is turned on for the very first time.
In theory, considering the second precision of the date/time, it’s a rather secure method, which gets you lots of possible combinations. But if you know the year when the car in question was manufactured and if you successfully guess the month you can bring the count down to just 15 million combinations. If you suppose the time was during the day, it gets you to about 7 million combinations. For a hacker, this number is pretty workable — you can brute force it within an hour.