Losing control of your car while doing 70mph on the motorway is probably one of the scariest things that can happen. But what about if a stranger took control of it instead?
Well, that’s exactly what happened to Andy Greenberg, a senior writer for tech magazine WIRED, who found his Jeep Cherokee commandeered by two hackers using a laptop and a mobile phone.
“I was driving 70mph on the edge of downtown St. Louis when the exploit began to take hold,” Greenberg wrote.
“Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system.
“Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.”
What happened next was even worse: the pair managed to turn off the car’s engine, slam on its brakes and even take over its steering, eventually crashing it into a ditch with Andy still inside.
Somewhat luckily, the hackers were security experts Charlie Miller and Chris Valasek, who were using Andy’s Jeep in an experiment to show just how easy it can be for cyber-criminals to take over your car.
“I’d come to St. Louis to be Miller and Valasek’s digital crash-test dummy, a willing subject on whom they could test the car-hacking research they’d been doing over the past year,” he said.
“Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.”
Miller and Valasek had previously teamed up with the WIRED writer in 2013, when he drove a Ford Escape and Toyota Prius that had been compromised by the pair. However, while the attackers had to physically wire their software into the car, their technology has now gone wireless.
They exploit an unmentioned vulnerable element in the Jeep’s Uconnect infotainment system, an Internet-connected computer feature that comes in thousands of Fiat Chrysler-manufactured cars, SUVs and trucks across the world.
Using Uconnect’s Wi-Fi and telephone capabilities, hackers can easily tap into the car’s controls and can even track its GPS co-ordinates, measure its speed and drop pins on a map to trace its route with pinpoint accuracy.
Thanks to the nature of the internet, it can be accessed from anywhere in the country; Miller and Valasek successfully hacked Andy’s Jeep from ten miles away.
“From an attacker’s perspective, it’s a super nice vulnerability,” Miller said. “For all the critics in 2013 who said our work didn’t count because we were plugged into the dashboard, well, now what?”
Valasek says that the attack on the entertainment system works on any vehicle with Uconnect installed from 2013 onwards, which includes a huge range of Jeep, Alfa Romeo and Fiat vehicles, like the new Fiat 500, among others.
In response, Chrysler, who manufactures the Uconnect infotainment system, has released a software patch which it says can protect against the hackers. Available to download from the Uconnect site, the patch is free but requires installation either via USB stick or at a dealership.
Miller and Valasek say that the opportunities for car hacking will only continue to grow as more carmakers add wireless connections to vehicles’ internal networks. Even now, Uconnect is just one of many systems, including Vauxhall’s OnStar, Infiniti Connection, Ford SYNC and Hyundai Bluelink.
They aren’t the only pair to have successfully hacked cars, either, with a particularly malicious car-hacking attack taking place in Austin, Texas back in 2010 when a car salesman used remote technology to shut down more than 100 cars to enforce timely payments.
As a result of Miller and Valasek’s research, US senators Ed Markey and Richard Blumenthal are intending to reveal new legislation designed to protect cars against hackers, set standards and create a security rating system for consumers.
Senator Markey said: “Controlled demonstrations show how frightening it would be to have a hacker take over controls of a car.
“Drivers shouldn’t have to choose between being connected and being protected. We need clear rules of the road that protect cars from hackers and American families from data trackers.”
However, the problem isn’t just localised to the US and is instead a vulnerability of a global nature, though luckily car makers are starting to twig on. In March, Ford announced it would update its cars over-the-air to improve security, while BMW used a wireless update to patch hackable security flaws in January.
Josh Corman, co-founder of I Am the Cavalry, a security organisation devoted to protecting web-connected technologies, said that the automotive industry needs to come up with solutions within three to five years, “especially since the consequences for failure are flesh and blood”.
However, Andy Greenberg says that the changes and consideration given to wireless security for cars’ infotainment systems needs to happen much, much sooner.
“As I drove the Jeep back toward Miller’s house from downtown St. Louis, however, the notion of car hacking hardly seemed like a threat that will wait three to five years to emerge,” he wrote.
“In fact, it seemed more like a matter of seconds; I felt the vehicle’s vulnerability, the nagging possibility that Miller and Valasek could cut the puppet’s strings again at any time.”
Evidently, the hackers agree. “This is what everyone who thinks about car security has worried about for years,” Miller finished. “This is a reality.”
