Hackers send wake-up call
Car builders respond fast to remote vehicle take-over
FIAT Chrysler Automobiles (FCA) this week responded to an article in Wired
Magazine that reported how two legendary hackers took over a Jeep Cherokee while it was driving, and then pretty much did what they wanted with the big ute, including stalling it in front of a speeding truck.
Two things need to be noted about this news — it took legendary hackers Charlie Miller and Chris Valasek years of studying systems to get to the point where they could hack into cars remotely; and both are consulting to the automotive industry to close the security loopholes they find.
FCA reassured drivers in South Africa the loophole in this case, a cellular modem embedded in the cars, is not available in Fiats, Jeeps or Chryslers sold outside of the U.S., since international markets are currently not offering the same connectivity features as the U.S. market vehicles. The automaker said in a statement: “FCA has a dedicated team from System Quality Engineering focused on identifying and implementing software best practices across the company globally. The team’s responsibilities include development and implementation of cyber-security standards for all vehicle content, including on-board and remote services.”
The group has already made available a patch to close the loop, which more than 150 000 owners in the U.S. can activate either at a dealer or by inserting a USB drive into their audio systems. Cadillac and Infinity, which have the same vulnerability, according to the hackers, have not yet made public their reaction.
Both Miller and Valasek are based in Missouri, and the pair challenged their usual victim, Wired reporter Andy Greenberg to submit to another hacking test in a car. In 2013, they cabled up to a Ford Escape and a Toyota Prius and disabled brakes, activated the hooter, the pretensioner on the seat belt and the electric steering wheel motor.
But back then they needed to plug into the vehicles’ onboard diagnostic port to hack these systems and the car industry largely ignored their warning.
Two years later, “carjacking has gone wireless”, wrote Greenberg, explaining the hackers have now sent out a wake-up call to the industry by showing how they can find and take over any Chrysler car with Uconnect anywhere in the U.S.
With Greenberg, the hackers first turned on the cold air, then they turned the volume up full, playing Kanye West through the stereo and finally they flashed up a picture of themselves on the car’s console and set the windscreen wipers going full blast, squirting cleaning fluid onto the windscreen to make it difficult to see.
Greenberg thought the photo was a nice touch, but was left feeling powerless by all the other tricks, which it turned out were just the warm-up for the main event. The hackers next turned off the engine, leaving Greenberg coasting slower and slower on a busy freeway as a big truck raced up behind him.
Greenberg finally steered the car onto the shoulder of the highway, only to find he had no brakes as he helplessly slid the two-ton Jeep into a ditch.
The pair have since showed FCA how to close the digital loophole, but they can still track cars without using the patch through on-board GPS, plotting on a map in real time just like they do in any Bond movie.
Since the article appeared last week in Wired, the U.S. Senate set new digital security standards for cars and trucks.
The senate stated it was not in response to the hackers’ wake-up call, but as part of a general effort to ensure standards of digital safety and privacy of cars within the next five years.
A journalist ended up coasting into a ditch after hackers Charlie Miller and Chris Valasek showed how they could take over any vehicle with a GPS link.