Jeep hackers take control of steering and braking systems at speed.
Security researchers Charlie Miller and Chris Valasek have taken the remote hack of a car to the next level. Now they can control the accelerator, steering wheel, brakes, and even electronic parking brake while the car is driving at more dangerous high speeds.
A year ago, the same pair of hackers remotely compromised a Jeep Cherokee. In a controlled demonstration the two cybersecurity researchers were able to access the Jeep’s Uconnect infotainment system via Sprint’s network and take control of basic functions. The hack was conducted from Miller’s living room while journalist Andy Greenberg, a journalist for Wired Magazine, was driving the vehicle. Miller and Valasek disabled the vehicle’s transmission and brakes and while the car was in reverse, they took over the steering wheel. In response, Fiat Chrysler Automobiles was forced to announce a recall of about 1.4 million vehicles. A month after the hack, Miller and Valasek went to work at Uber’s Advanced Technology Center in Pittsburgh.
The new hack was more difficult to execute, although the hackers were in the car at the time and physically plugged into the diagnostic port of the Jeep to send their phony CAN messages and to force the vehicle to follow their instructions. The two were able to reverse-engineer the electronic control unit ECU firmware which communicates via CAN messages. They were able to take control of the steering at any time, not while driving in reverse as it was the last time. The researchers demonstrated that they could turn the steering wheel at any speed, adjust the cruise control settings, and take over the acceleration pedal and the brakes.
The two security experts said they were planning to present their findings at the Black Hat security conference and with their demonstration they underscored one more time that wireless networks are the weakest link in high-tech vehicles and the car making industry needs to find fast fixes to block malicious intrusions.