We’ve known for a while that today’s connected cars are vulnerable to hackers — I wrote about it here and here. Massachusetts Senator Ed Markey has been warning about this problem for years. Read his report here.
Even with low-level equipment, thieves have been gaining entrance into cars to steal either the vehicle or its contents. That growing problem stayed below the radar. But when a pair of hijackers with laptops took over a Wired reporter’s Jeep Cherokee this week and controlled it remotely, suddenly the news was everywhere.
2014 Jeep Cherokees like this one are vulnerable to the Fiat Chrysler Uconnect hack. (Photo: Fiat Chrysler)
The two guys put photos of themselves on the Jeep’s screen, ran the windshield wipers, put obnoxious music through the speakers and — a coup de grace — disabled the brakes and shut off the engine. Luckily, they’re white hats. Charlie Miller works for Twitter in St. Louis, and Chris Valasek works for IO-Active, a security firm. Where earlier hackers had shown they could control a car if they plugged a rogue dongle into the OBD-II port, now the widespread adoption of Internet connectivity makes that approach obsolete.
Miller and Valasek exploited a security flaw in the Jeep’s Uconnect entertainment system. Once in the back door there, they were able to get into the Controller Area Network, or CAN-Bus, which allows them to “talk” to a bunch of the computers in the car.
As I said, the ability to hack into this stuff isn’t all that new. In fact, a fellow named Chad Gibbons, who describes himself as a software developer who provides “managed security-as-a-service solutions for the cloud,” was doing this kind of thing — innocently — in 2013. His blog post “Hacking the Jeep Interior CAN-Bus” offers detailed, step-by-step directions, and even multiple videos, on how to rummage around in there.
For Gibbons’ 2012 Jeep Wrangler, he merely wanted to customize the electronic interface. He writes, “Instead of tapping into the final wiring of the car, I wanted to leverage the vehicle’s own computers to tell my accessories what to do.” He’s not doing anything nefarious, just what car customizers and tuners have done for decades — monkeyed under the hood (or perhaps the dashboard) to make their ride look or drive better.
Miller and Valasek say they will reveal the full details of what they did at the Black Hat hacker’s conference next month. They want to take a victory lap. Other hackers have revealed their auto-based handiwork at the same event.
Fiat Chrysler, in touch with the hackers from the beginning, has already fashioned a software patch that, when downloaded, will block the hackers — at least for now.
On the same print page that the Wall Street Journal reported the Jeep hack, it also noted that “a group of German automakers agreed to pay slightly more than $2.7 billion for Nokia’s digital mapping service, prevailing over Silicon Valley bidders in a battle for a key enabling technology for self-driving cars.”
The connected car, soon to be the self-driving one, isn’t an interesting science experiment anymore. It’s big business, and unanimously considered a virtual certainty by, say 2025. The genie’s out of the bottle, folks. Do you think this hacking incident is going to set back the steady march of 4G into the automobile?
When the automobile first appeared circa 1900, legislators were up in arms about the threat to the horse, and even succeeded in passing asinine laws that required “flagmen” with red banners to accompany any moving car. But there was no holding back progress then, and there won’t be now.
There’s a reason automakers, including Ford, have opened offices in Silicon Valley. They need to understand the culture that exploits any weakness and hacks into a computer because, well, it’s there. A counterattack is underway; carmakers are working with Booz Allen Hamilton consultants on security issues. But this won’t be the last time you see hackers crowing about getting access to cars — new revelations about remote access to Teslas (which Chinese hackers penetrated just last year, remotely opening and closing the doors) are reportedly in the works. Here's the Wired video:
And here's some of the 2013 Chad Gibbons video:
Related on MNN:
- How ethical hackers make computers safer
- Connected cars will boost road safety
- Researchers find cars are vulnerable to cyber attacks