Share

Hackers Can Remotely Kill A Jeep On The Highway

“Just send a remote command from your computer or the Uconnect Access smartphone app”.

Advertisement

Security researcher Charlie Miller attempts to extract a Jeep Cherokee from a ditch after its brakes were remotely disabled in a controlled test.

Mission accomplished, terrifyingly so. For 2014 Jeep Cherokees in particular, Miller and Valasek have extended their attack to the vehicle’s CAN bus, the network that controls functions like steering, brakes, and transmission.

The hack uses the Uconnect system as a gateway into the vehicle, and then gains access to the Jeep’s infotainment system headunit. But the experiment highlights a concern that often isn’t addressed head-on in the growing excitement over the prospect of roads dominated by either autonomous or heavily driver-assisted vehicles.

The entire episode, however, makes it abundantly clear as to how vulnerable the software driven systems are to attacks by hackers. Meanwhile, Miller and Valasek plan on presenting all their findings at the upcoming Black Hat conference in Las Vegas in August. It basically adds vehicles to the Internet of Things.

WIRED is reporting that senators Ed Markey and Richard Blumenthal will introduce an automotive security bill Tuesday (July 21) to bolster digital secruity standards for vehicles.

As more and more cars become mobile, internet-connected appliances, they become more likely targets for remote hacking. “This common-sense legislation would ensure that drivers can trust the convenience of wireless technology, without having to fear incursions on their safety or privacy by hackers and criminals”.

A long list of potential symptoms and conditions a driver might experience kicks off with “Improved Radio security protection to reduce the potential risk of unauthorized and unlawful access to vehicle systems (U.S. Market Only)”.

What do you think about these recent demonstrations of vehicle hacks?

The research is the work of Charlie Miller and Chris Valasek, who have been working on vehicle security projects for several years.

“Chrysler told Wired that while they “appreciate” the security pros” assistance, they were less enthusiastic about them lecturing about numerous hack’s nuances at the upcoming Black Hat gathering. For the past year, the two security experts have specifically targeted Chrysler’s newer Jeep Cherokees and were able to bring the vehicle to a full stop on a highway.

It is unclear whether the vulnerability within the Uconnect system is confined to United States cars, or certain models. Ford and BMW both recently took this route to correct glitches in their systems in the past months. It’s time for real security on internet-connected cars. Cars lined up behind my bumper before passing me, honking. They said approximately 471,000 vehicles equipped with Uconnect from late 2013 through early 2015 may be vulnerable.

Advertisement

“The hackers holding the scissors agree”.

New vulnerability lets attackers hijack Chrysler vehicles over the web | The Verge