The power grid, government computers, and nearly all major retailers all have been hit by hackers in recent years. That is scary enough, but a recent experiment by a couple of computer experts is downright terrifying – and could possibly provoke a deadly result.
Charlie Miller and Chris Valasek are “good” cyber hackers who try to expose flaws in systems before disaster strikes, and the two were able to hack into a vehicle’s computer system and take control of a car.
A Wired journalist volunteered to be part of the test.
“I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold. Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system,” Wired’s Andy Greenberg reported. “Next, the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass. As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car’s digital display.”
The test was truly terrifying.
The software program reportedly allows hackers to send commands via the vehicle’s entertainment system to the dashboard function, including the transmission, brakes and steering wheel. While this test was conducted in St. Louis, the computer hackers maintain that taking over a car’s functions can be done from a standard laptop from across the country. During this experiment, the cyber hackers were 10 miles from the driver of the vehicle.
“Then they told me to drive the Jeep onto the highway. ‘Remember, Andy,’ Miller had said through my iPhone’s speaker just before I pulled onto the Interstate 64 on-ramp, ‘no matter what happens, don’t panic.’ As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission,” Greenberg wrote.
His accelerator stopped working without any warning. When he pressed the gas pedal as hard as physically possible, the Jeep Cherokee lost speed and slowed down to a crawl. As a semi-truck and a host of other vehicles lined up behind the journalist and angrily honked their horns, there was nothing he could do to get out of their way. He was essentially paralyzed in the middle of the highway.
“You’re doomed,” one of the cyber hackers jokingly shouted to the driver through the car’s entertainment system.
Imagine the death toll which could occur if cyber hackers took control of police, fire or EMS vehicles that are connected to the Internet.
Several years ago, Miller and Valasek used the same journalist to demonstrate less developed attempts at cyber hacking vehicles. While Greenberg was behind the wheel, the cyber hackers were reportedly able to honk the horn, jerk the seatbelt, disable the brakes, and take control of the steering wheel.
“When you lose faith that a car will do what you tell it to do,” Miller said,” it really changes your whole view of how the thing works.”
The first cyber hacking experiment helped to inspire Senators Ed Markey (Massachusetts) and Richard Blumenthal (Connecticut) to author an automotive security bill to mandate safer new “digital security standards” for cars.
“Controlled demonstrations show how frightening it would be to have a hacker take over controls of a car,” Markey said in a statement. “Drivers shouldn’t have to choose between being connected and being protected. We need clear rules of the road that protect cars from hackers and American families from data trackers.”
Markey sent a letter to 20 automakers, asking each one questions about their vehicle security practices. Sixteen automakers responded to the questionnaire – all of which noted that nearly each vehicle they sell had some type of wireless connection, including Bluetooth, Wi-Fi and cellular service.
As more vehicles are attached to the Internet, Greenberg reported, it will become more dangerous to car buyers.
“All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot,” Greenberg wrote. “And thanks to one vulnerable element … Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country.”
Uconnect is reportedly just one of a many telematics systems used in modern vehicles. Other similar computer systems used include GM Onstar, Lexus Enform, Toyota Safety Connect, Hyundai Bluelink, and Infiniti Connection.
“If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers,” Miller said. “This might be the kind of software bug most likely to kill someone.”
Miller estimates there are currently as many as 471,000 vehicles with vulnerable Uconnect computer systems on the highway. Chrysler has now reportedly issued a recall for 1.4 million vehicles as a result of Miller and Valasek’s cyber hacking research.
Do you think Americans need smart cars? Does the vulnerability concern you? Share your thoughts in the section below: