A pair of veteran cyber security researchers have shown they can use the Internet to turn off a car’s engine as it drives, sharply escalating the stakes in the debate about the safety of increasingly connected cars and trucks.
Former National Security Agency hacker Charlie Miller, now at Twitter, and IOActive researcher Chris Valasek used a feature in the Fiat Chrysler telematics system Uconnect to break into a car being driven on the highway
In a recent story by Wired, hackers Charlie Miller and Chris Valasek remotely hack a moving 2014 Jeep Cherokee being driven on the highway by Wired writer Andy Greenberg. Miller and Valasek start small by turning on the vehicle’s air conditioning, stereo, and windshield wipers before upping their attack and disabling the Jeep’s engine.
While safely in a parking lot, Miller and Valasek also demonstrated to Greenberg that they can control the car’s brakes and steering, which left the car in a ditch.
Miller and Valasek have found a vulnerability in the vehicle’s onboard entertainment system that allows them to gain control of the vehicle while sitting safely miles away. While they have focused their efforts on the 2014 Jeep Cherokee, the pair says the vulnerability could potentially affect hundreds of thousands of cars on the road today. They have alerted Chrysler who have released a patch for the vulnerability.
Fiat Chrysler said it had issued a fix for the most serious vulnerability involved. The software patch is available for free on the company’s website and at dealerships.
“Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorized and unlawful access to vehicle systems,” the company said. It didn’t immediately answer other questions.
Miller and Valasek have been probing car safety for years and have been among those warning that remote hacking was inevitable. An academic team had previously said it hacked a moving vehicle from afar but did not say how or name the manufacturer, putting less pressure on the industry.
Source:
wired.com
