Security experts demonstrate ability to remotely crash a Jeep Cherokee

Security experts demonstrate ability to remotely crash a Jeep Cherokee

A pair of cybersecurity experts has demonstrated to a writer for Wired magazine, an ability to remotely hack into a Jeep Cherokee and take over some of its functions, and at least in one case, to cause the vehicle to run into a ditch. The demonstration was staged by security hackers Charlie Miller and Chris Valasek and Wired writer Andy Greenberg—the purpose was to showcase the increasing vulnerability of modern cars and trucks to hacking.

Over the past several years car and truck makers have introduced cellular technology into vehicles to offer customers over-the-internet services, such as automatically monitoring systems and offering assistance if it appears it is needed. Such systems can alert service workers who can in turn alert authorities for example, if it appears a vehicle has crashed. But that has led to a new type of danger Miller and Valasek insist, drivers and their vehicles are becoming more vulnerable to hacking of the type that can put them at risk of physical harm.

In the demonstration, Greenburg drove the vehicle on a public highway, while Miller and Valasek hacked into its onboard systems from a remote location. They took over the A/C system and the radio, and at one point squirted fluid on the windshield. Then, they caused the accelerator to stop working which of course caused the vehicle to slow suddenly on a freeway. Continuing the experiment, Greenburg drove to an abandoned lot where the hackers disabled his brakes, causing him to drive into a ditch.

The hack was possible due to a lot of work on the part of the security experts, they have been studying onboard vehicle systems for a couple of years and are set to give a talk at this year's Black Hat conference outlining what they have found. They have also been "working" with car makers, keeping them abreast of their findings—Chrysler for example has already put together a patch to protect vehicles such as the Jeep Cherokee that come with the company's Uconnect infotainment system. Owners of vehicles have to download the patch and apply it via a USB stick or have a dealer do it for them. But that is beside the point, the security duo claim, the real issue is that makers are adding vulnerabilities to vehicles without doing the work required to keep hackers from taking them over and either bricking them, or causing harm.


Explore further

Car-hacking researchers hope to wake up auto industry

© 2015 Tech Xplore

Citation: Security experts demonstrate ability to remotely crash a Jeep Cherokee (2015, July 22) retrieved 18 June 2019 from https://techxplore.com/news/2015-07-experts-ability-remotely-jeep-cherokee.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
943 shares

Feedback to editors

User comments

Jul 22, 2015
The first and best known system for controlling vehicles remotely is called On-Star.

Edit: And some people actually seem to want that system.

Jul 22, 2015
What's the point in connecting vital systems to the internet?

No reason why entertainment systems -or even emergency assistance systems- could not be physically isolated systems.

Pretty sure when this news hits the general media that these companies will feel a bit of a hit in their sales. They were expecting to save on not having to physically recall cars when a critical (software) fault is detected. But I guess that is one business decision that isn't going to work out (Duh).

Jul 22, 2015
I finally understand the Mennonites.

Jul 22, 2015
Its not like people haven't figured out how to kill each other before the internet. If someone wants to kill you they can do it using much simpler means. These researchers are scare-mongers if you ask me.

Jul 22, 2015
Only in america.

Jul 23, 2015
What's the point in connecting vital systems to the internet?


They aren't. It's just that they are controllable through the CAN bus, which is connected to the internet-enabled navigation-entertainment system, and once you take over that system you can then take over the entire car.

The real question is, why are the brakes not physically connected? That is a glaring, if not downright a criminal safety omission, because losing power to the car will cause the brakes to fail anyhow if they're controlled only by wire.

What ever happened to regular servicing and plain mechanical / electrical engine control systems?


Complexity. Your car would be criss-crossed with a literal ton of cable if every electrical device you have were to be separately hardwired with all the switches and sensors. Instead, a common digital serial data bus is used, and access to this bus gives you access to all the devices.

Jul 23, 2015
@nilbud - No, on a road near me in Oz.

Jul 25, 2015
Its not like people haven't figured out how to kill each other before the internet. If someone wants to kill you they can do it using much simpler means. These researchers are scare-mongers if you ask me.


The difference is a hacker can kill you from the other side of the planet, using stealth internet protocols that not even the NSA or CIA can track.

Your evil brother or evil next-door-neighbor on the other hand has to physically walk over and shoot or stab you.

A couple months ago there were some professional computer security experts who alerted one of the airlines that something similar was possible on their airplanes. Did the airline thank them? No. They denied the possibility that it was true, and banned the guys from flying on any of their flights again.

Who knows whether it's true or not, but if there's even the slightest possibility that a hacker could take control of the navigation system of a plane without even needing to physically do anything...

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more