July 22, 2015 weblog
Security experts demonstrate ability to remotely crash a Jeep Cherokee
A pair of cybersecurity experts has demonstrated to a writer for Wired magazine, an ability to remotely hack into a Jeep Cherokee and take over some of its functions, and at least in one case, to cause the vehicle to run into a ditch. The demonstration was staged by security hackers Charlie Miller and Chris Valasek and Wired writer Andy Greenberg—the purpose was to showcase the increasing vulnerability of modern cars and trucks to hacking.
Over the past several years car and truck makers have introduced cellular technology into vehicles to offer customers over-the-internet services, such as automatically monitoring vehicle systems and offering assistance if it appears it is needed. Such systems can alert service workers who can in turn alert authorities for example, if it appears a vehicle has crashed. But that has led to a new type of danger Miller and Valasek insist, drivers and their vehicles are becoming more vulnerable to hacking of the type that can put them at risk of physical harm.
In the demonstration, Greenburg drove the vehicle on a public highway, while Miller and Valasek hacked into its onboard systems from a remote location. They took over the A/C system and the radio, and at one point squirted fluid on the windshield. Then, they caused the accelerator to stop working which of course caused the vehicle to slow suddenly on a freeway. Continuing the experiment, Greenburg drove to an abandoned lot where the hackers disabled his brakes, causing him to drive into a ditch.
The hack was possible due to a lot of work on the part of the security experts, they have been studying onboard vehicle systems for a couple of years and are set to give a talk at this year's Black Hat conference outlining what they have found. They have also been "working" with car makers, keeping them abreast of their findings—Chrysler for example has already put together a patch to protect vehicles such as the Jeep Cherokee that come with the company's Uconnect infotainment system. Owners of vehicles have to download the patch and apply it via a USB stick or have a dealer do it for them. But that is beside the point, the security duo claim, the real issue is that vehicle makers are adding vulnerabilities to vehicles without doing the work required to keep hackers from taking them over and either bricking them, or causing harm.
© 2015 Tech Xplore