Automotive

Hackers remotely take over Jeep Cherokee

Hackers have demonstrated the ability to wirelessly and remotely take over a frightening range of electronics on a moving Jeep Cherokee
Hackers have demonstrated the ability to wirelessly and remotely take over a frightening range of electronics on a moving Jeep Cherokee

The minute you connect a car to the internet, you’re exposing it to the risk of hacking – and even if it’s only the entertainment system that’s supposed to be online, a skilled hacker can now remotely take control of just about any electronically controlled part of your car, including the steering, throttle and brakes. And this isn't some distant thing to worry about in the future. One Wired reporter just had the terrifying experience of having his Jeep Cherokee taken over by hackers while he was on the freeway. Like a scene in a horror movie, he found himself a helpless passenger in his car as he lost control of its functions one by one.

If you drive a late model car, driver assist technology now operates an awful lot of it on your behalf. But if that car is connected to the internet as well, as a lot of them are, you could be exposing a horrifying amount of control to hackers.

A pair of Missouri-based hackers have put on an extraordinary demonstration by logging into a Jeep Cherokee remotely, while it was being driven by a Wired reporter Andy Greenberg, and systematically taking over the car’s functionality. First, they hit him with cold air through the air-con system, then they blasted Kanye West through the stereo at full volume, rendering the volume knob completely useless. They flashed up a picture of themselves on the car’s console and set the windscreen wipers going full blast, squirting cleaning fluid onto the windscreen and making it difficult to see.

But these were just warmups to the main event – next, they took over the engine and shut it off completely, leaving the driver powerless and coasting on the freeway as traffic flashed past around him. Then, once he was off the highway, they showed how they could completely disable the brakes, and take over the steering of the car – only at slow speeds and in reverse, but they’re working on unlocking new abilities every day.

If the safety implications of this kind of hack aren’t scary enough, consider the privacy angle. The pair say they can easily track the car through its on-board GPS, plotting out its course neatly on a map in real time.

Worse still, this was an unmodified car. The two hackers, Charlie Miller and Chris Valasek, had previously demonstrated similar capabilities when plugged into a car’s on-board diagnostics port, but this time they broke in from their lounge room, using an exploit they’ve found in the Jeep’s internet-enabled entertainment system – Uconnect. They believe it’s an exploit that should work on the majority of internet-connected late model Chryslers - all they need is the car’s IP address and they’re in. In fact, as reporter Andy Greenberg looked on, they located and hacked into a series of other moving cars all around the country.

Miller and Valasek are preparing to release some details of the hack at the Black Hat security conference in Vegas next month. They’ve been working with Chrysler to make sure this exploit is patched and the 471,000-odd vulnerable vehicles in the US are secured well before the Black Hat conference. Still, the whole thing is a big wake-up call for auto manufacturers: connected car cybersecurity is going to have to be absolutely paramount going forward. This goes double for anyone building an autonomous car, in which the terrified victim won’t even have access to a steering wheel when things start going skewiff. Scary stuff.

Source: Wired

  • Facebook
  • Twitter
  • Flipboard
  • LinkedIn
15 comments
Freyr Gunnar
Who thought self-driving cars were a good idea?
Lowell Angell
Make the car smarter than the hacker and then have it hack the computer of whichever hacker tries to hack it. The car could even plant a really nasty virus on the hacker's computer. One that forces the hacker to write zeros to their hard drive and then format and reinstall everything.
ikarus342000
Terrifying stuff and this is only an example. All Internet connected cars can be hacked. In this way you hand over the control of your car to anyone who likes to control your car and you in this way. With all the electronic “help” in new cars and the Internet connection you give a last piece of freedom willingly away. The future? In the future we will have autonomous cars and it will be forbidden for private persons to drive. Greetings from Orwell
Brian M
Why anyone thought connecting the cars primary controls to the internet was a good thing . They need to fired and never employed again in a safety or security industry - same applies to all the people that approved such stupidity! Maybe the law needs to be changes to stop this ever happening again.
Connecting isolated system such as a Sat nav or entertainment system to the internet is fine, provided there is no connection to other systems, as is having a local wired network for control, even having a connection port is ok. But it must never be connected to the internet!
AllenH
The downside of always being connected. On the other hand it will make it quite easy for the government to find protesters demanding more freedom and less government and deliver them the nearest federal detainment facility for re-education....for their own protection, of course.
RichardU
Why connect it to the internet in the first place.
Bawb
1. Why a Wired mag writer? Collaboration or just because of his credentials? 2. If it was a collaboration, why put people in danger on a freeway? Why not do it in a parking lot, with more witnesses? 3. Working with Chrysler now? Did they try before resorting to this? Or did Chrysler put them off?
Seems like the hackers and whoever else were involved were engaged in dangerous grandstanding to me.
Robert Walther
Talk about crimes requiring 10 year minimum sentences! Not to mention the Federal Death penalty for car hacks that result in deaths Get the drug users out of prison and put these guys in. The number of successful hackers is only a tiny fraction of recreational drug users. This would put a lot of prison guards and most DEA gangsters out of their legitimate 'front' work.
Douglas Bennett Rogers
A very cheap manual mode fail safe, as on transmission, would fix this.
Kevin Ritchey
I remember a time when my dad would pay 16 cents for gas and I would get a package of Smartie's candy for free. Cars and trucks were used for transporting people and products. Now you can surf for internet porn while you drive. And forget working on your own engine.