Hackers seize control of Jeep, then crash it, using a laptop and cellphone … – National Post
Hackers have managed to take control of a car and crash it into a ditch while sitting on their sofa about 15 kilometres away.
In the first such breach of its kind, security experts caused the engine to cut out and applied the brakes on a Jeep Cherokee, sending it into a spin.
The U.S. hackers said they used just a laptop and cellphone to access the vehicle’s on-board systems via its wireless Internet connection. They claim that more than 470,000 cars made by Fiat Chrysler could be at risk.
The hack was revealed by security researchers Charlie Miller, a former staffer at the National Security Agency, and Chris Valasek. They worked with Andy Greenberg, a writer with tech website Wired.com, who was driving the Jeep on public roads in St. Louis.
In a demonstration for The Washington Post, Miller had to start the car the old-fashioned way, with his Jeep key fob. But once it was running, he found the vehicle’s Internet address and, while sitting in his office and typing on a MacBook Pro, hacked in through the dashboard information and entertainment system.
As Greenberg drove in a parking lot nearby, Miller changed the radio station and turned up the volume. He locked and unlocked the doors, and shot wiper fluid onto the windshield as the wiper blades swooped back and forth.
Then it got more serious. Miller, still on his MacBook almost two kilometres away, shut off the engine. He briefly disabled the brakes.
Then, he caused the transmission to malfunction, which led the Jeep to lose speed even when the gas pedal was pressed repeatedly. While the car was moving slowly in reverse, Miller even turned the steering wheel, causing the Jeep to carve a wide circle through the lot.
Miller said the purpose was to prompt urgency from automakers.
“I don’t want to want to wait until there are cars crashing on the news every month,” he said.
Miller and Valasek previewed their research for Chrysler, allowing it time to prepare a software update. Dealerships can install the new software, or customers can download it onto a memory stick and insert it into their vehicles.
Fiat Chrysler Automobiles issued a sharply worded statement as news of the hack broke.
“Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” it said.
‘They really just patched one vulnerability. But they didn’t fix the systemic issues’
It also offered reassurances to drivers. “The company monitors and tests the information systems of all of its products to identify and eliminate vulnerabilities in the ordinary course of business.”
Can motorists relax now? Miller and Valasek don’t think so.
“They really just patched one vulnerability. But they didn’t fix the systemic issues,” said Valasek, director of vehicle security research for IOActive, a security company.
The Daily Telegraph, with files from The Associated Press