Photo (cc) by jeff_golden
Andy Greenberg was driving on the Interstate when he started losing control of his vehicle.
The A/C automatically turned up, and the radio and windshield wipers suddenly activated. Then a photo of two men appeared on the dashboard screen. Before long, the engine switched off.
Greenberg, a senior writer for the technology publication Wired, had made himself the guinea pig in an experiment to demonstrate how vulnerable some vehicles are to hacking.
He had given hackers Charlie Miller and Chris Valasek permission to take control of the 2014 Chrysler Jeep Cherokee that he was driving — which they did from the comfort of Miller’s home. According to Greenberg’s story in Wired:
Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes and transmission, all from a laptop that may be across the country.
Miller is a security engineer at the social media network Twitter. Valasek is the director of vehicle security research at security company IOActive.
Their experiment with Greenberg at the wheel was possible because Chrysler is among the many auto manufacturers bringing smartphone capabilities to vehicles, Greenberg reports:
Uconnect — an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks — controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element … Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country.
Miller and Valasek will reveal that one vulnerable element during the Black Hat cybersecurity conference in Las Vegas next month.
The men have been sharing their research with Chrysler, resulting in the company notifying affected owners and releasing a patch last week. (Miller and Valasek say their attack seems to work on any Uconnect-equipped Chrysler from late 2013, all of 2014 or early 2015.)
A Chrysler spokesperson also gave a statement to Wired:
[Fiat Chrysler Automobiles] has a program in place to continuously test vehicles systems to identify vulnerabilities and develop solutions. FCA is committed to providing customers with the latest software updates to secure vehicles against any potential vulnerability.
To watch the video of Greenberg’s experiment, click the link above to the Wired story.
Does this type of hacking vulnerability worry you? Share your thoughts below or on Facebook.