Modern automobiles, with their rear cameras, crash avoidance sensors, and smart keys, are undoubtedly making our lives safer and more convenient. But it’s a double-edged sword. Whenever a powerful machine is connected to the Internet, it opens up the possibility of being hacked while driving, putting a whole new meaning to “death machine.”
In a recent WIRED video, two coders show senior writer, Andy Greenberg, how they can hijack his Jeep in the comfort of their own homes.
Charlie Miller and Chris Valasek are hackers who have spent the last year creating software that can wirelessly control a 2014 Jeep Cherokee. The car has not been altered in any way and has no devices attached to it, but according to Greenberg: “like many thousands of Jeeps around the world, it can be remotely hacked over the internet through a cellular connection to its entertainment system that would allow someone to take over it’s steering, it’s transmission, and even it’s breaks.”
During the segment, Greenberg drove the Jeep Cherokee around while Miller and Valasek remotely hacked it from a different location. While the shenanigans started off tame (like turning on the fan or blasting rap music), the trip quickly turned hazardous after the hackers killed the engine on the highway and risked the driver’s life. Other vulnerabilities included turning off the brakes, changing the speedometer, and locking all the doors.
The WIRED test was only conducted on a Jeep Cherokee, but hundreds of thousands of late-model Chrysler cars may be susceptible through a feature called Uconnect, an internet-connected computer (known as its head unit) situated in the dashboard.
“These cars have units exposed to a particular service that probably they didn’t want to. It lets you do things like query it for information, like the GPS, but it also lets you run commands,” says Miller. According to the hackers, you first have to break into the car remotely over a data network, and then move laterally in order to do other, more dangerous things.
Miller and Valasek released part of the exploit code during the annual Black Hat hacker conference this year in Las Vegas. They have also alerted Chrysler about the security breach. But car-makers need to do a lot more in order to secure their vehicles, which are increasingly connected to the Internet. With driverless cars now being developed, the threat is even scarier.