Andy Greenberg was driving his car in St. Louis when he lost control of his vehicle. The air conditioning, the radio and windshield wipers all suddenly turned on, then the engine cut off. Greenberg tried to take back control of the car, but he couldn’t. It had been hacked.
Yes, you can now add cars to the ever increasing list of things that can be hacked. Greenberg is a senior writer for Wired and he had asked two security researchers – Charlie Miller and Chris Valasek – to show him how vulnerable cars are to remote hacking. So, they did just that. The tricks were at first small: The hackers sent a picture to his dashboard's digital display. Soon after, they cut his brakes. No wonder the experiment had quickly “ceased to be fun” for Greenberg. The car eventually ended up in a ditch.
The hacking technique is described as “a zero-day exploit.” Security experts were able to target the Jeep Cherokee that Greenberg was driving and get wireless control of the vehicle – all from the comfort of their own home. Miller and Valasek were able to hack the car through its Uconnect infotainment system and run their own code. And herein lies the problem with Internet-connected entertainment systems like Uconnect, which are installed on dashboards to improve usability and entertainment.
Experiments like these raise security questions on the newer generation of cars that are increasingly connected to the Internet. Even the hackers were surprised by their own ability to remotely control these cars.
“When I saw we could do it anywhere, over the Internet, I freaked out,” Valasek told Wired.
Cyber security experts are now urging owners of Fiat Chrysler cars to update their systems. “There are hundreds of thousands of cars that are vulnerable on the road right now,” Miller told Reuters.
This update might not sound particularly important, but trust me, if you can, you really should install this one. pic.twitter.com/qhTCrBIho8
— Charlie Miller (@0xcharlie) July 20, 2015
Fiat Chrysler have issued an update to fix the most serious security issues highlighted by Miller and Valasek. “Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorized and unlawful access to vehicle systems,” the company said, according to Reuters.
Miller and Valasek suggest 471,000 vehicles are vulnerable to a similar attack. The security researchers will present their paper at the Def Con security conference next month. Miller and Valasek hope these experiments will pressure manufacturers to become aware and respond quickly to these security vulnerabilities.