Fiat Chrysler has recalled 1.4 million Jeeps affected by a remote hack which allowed researchers to remotely control the vehicle while it was being driven.
Although just a demonstration, the hack allowed Charlie Miller and Chris Valasek to access functions of the car such as acceleration, windscreen and radio, rendering the driver powerless.
Worryingly, Miller and Valasek say they could target hundreds of cars, and will post a tutorial detailing the hack next month.
What did the hack do?
Miller and Valasek were able to control the air conditioning, radio and windscreen wipers of a Jeep Cherokee driven by Wired journalist Andy Greenberg. The hackers also accessed more vital controls such as the accelerator and brakes – leaving Greenberg powerless at 70mph on the highway.
“As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car’s digital display,” Greenberg wrote. “A nice touch, I thought.”
“Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl.”
After disabling the Jeep’s brakes, the hackers let the vehicle coast into a ditch, with Greenberg still in it.
How did they do it?
Details are still unclear on the exact vulnerability Miller and Vlasek used. However, what is known is that they used the car’s uConnect infotainment system as an entry point to its other systems. By targeting the car’s IP address, Miller and Valasek were able to exploit a vulnerability to gain wireless control of the Jeep’s internal network – or CAN bus – and take control over a range of the car’s functions.
Known as a zero-day exploit, the method appears to work on Jeep Cherokees manufactured between 2013-2015, but it could potentially work on other Chryslers fitted with the uConnect system. “From an attacker’s perspective, it’s a super-nice vulnerability,” said Miller.
Are infotainment systems are a hacker’s paradise?
This isn’t the first time Miller and Valasek have hacked car systems: in 2013 they released tools that gave access to systems on the 2010 Toyota Prius and the 2010 Ford Escape, although in these cases the hack required physical access to a diagnostic port in the car.
As car manufacturers have included more and more tech in their cars – from phones to apps and even Wi-Fi hotspots – they have also had to wrestle with the same kinds of potential for hacking and vulnerabilities that computer makers have had for years. And although new UK laws insist autonomous cars must have secure, safe in-car systems, the same isn’t true for those already on our roads.
For the hackers, the demonstration was partly done to raise awareness of the issue. “If consumers don’t realise this is an issue, they should, and they should start complaining to car makers,” said Miller. “This might be the kind of software bug most likely to kill someone.”
Releasing the code
Next month, Miller and Valasek will share more details of their method at Las Vegas’ Black Hat security conference, but will leave out key aspects of the hack to avoid a repeat of the incident. However, car manufacturers have suggested the hackers could make things worse.
A statement released by Chrysler read: “We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities. However, we caution advocates that in the pursuit of improved public safety they [do] not, in fact, compromise public safety.”
Although the security researchers may mean well, Chrysler’s concerns are valid. In their efforts to raise awareness of the issue, Miller and Valasek have inadvertently given a head start to those wishing to emulate their hack.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
