Two cyber-security experts have revealed how they are capable of hacking a car’s engine and taking full control of a vehicle as it speeds down a busy motorway. The stunt, filmed and reported by technology magazine Wired, has raised debate about personal safety in the increasingly connected world of the Internet of things.
Twitter’s Charlie Miller, a former hacker for the National Security Agency in the US, and IOActive researcher Chris Valasek showed how they were able to assume control of the Jeep Cherokee, using a feature in the Fiat Chrysler telematics system, known as Uconnect, while Andy Greenberg was driving the vehicle.
The hackers started by turning on the car’s radio and entertainment systems, before moving on to the windscreen wipers and air conditioning. Then, having rewritten some of the coding in the car’s software, they accessed the Jeep’s steering, breaking, and engine.
Since the video of the pair’s attack went live, Fiat Chrysler has said that it has issued a fix to stop hackers from assuming control of the most serious aspects of the car, which has been made available for free download on its website. You can see how the pair hacked the Jeep in the video below:
“Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorized and unlawful access to vehicle systems,” the company said.
The two hackers have long been documenting their concerns for car safety from cyber attacks, and have been working with Fiat Chrysler since 2014 to help them disabled the flaw that exposes the car’s systems. The pair will publish a paper revealing the code for remote access at a security conference next month, which will no longer work on cars that have downloaded the new fix.
While many Jeep owners may not have downloaded the patch software update in time, leaving their vehicles open to attack, Valasek says it would be difficult for rogue hackers to target a single vehicle – the attack requires invaders know the Internet Protocol address of a car in order to specifically target it, and this IP changes every time the car starts.
But an indiscriminate attack on a random vehicle would still be possible, and the pair said that only a few tweaks to their code could open up many other vehicles to a similar hack.
On this evening’s The Right Hook, George talks to Chris Valasek about how he remotely hacked a moving vehicle and what real-world applications this test has for the future of connected cars.
Tune in live from 6.30pm, or listen back to the show’s podcasts here.
