Your car could be hacked - while you're driving it

22 July 2015 - 12:44 By NICOLE PERLROTH

Some cars can now be hacked. Over the past two years, two well-respected security researchers, Charlie Miller and Chris Valasek, have been hacking away at various cars, trying to find a way to control them remotely.

At the annual Black Hat and Def Con hacking conferences in Las Vegas in August, Miller and Valasek plan to demonstrate how, after two years of research, they have discovered a way to control hundreds of thousands of vehicles remotely. From the Internet, they were able to track cars down by their location, see how fast they were going, turn their blinkers and lights on and off, mess with their windshield wipers, radios, navigation and, in some cases, control their brakes and steering.

Their discovery is several years in the making. In 2013, they described how they could control a Ford and a Toyota by plugging into a diagnostic port that could control the vehicle’s steering and speed. But that was of limited use to carmakers, who told them that anyone with physical access to the car could just as easily cut the brakes.

So for the last year, Miller and Valasek have been tinkering with a Jeep, trying to find a way to control it remotely. What they did not realize at the time was that their discovery would extend far beyond the Jeep and affect hundreds of thousands of other vehicles sold by Fiat Chrysler Automobiles.

Their research is likely to be one of the first discoveries in a new chapter of vulnerabilities and attacks directed at the so-called Internet of Things, the billions of products, machinery and infrastructure expected to come online in the next five years. A report from Verizon found that 14 carmakers accounted for 80 percent of the worldwide auto market, and each had a connected-car strategy.

Last year, the researchers bought a Jeep that came with a car stereo head unit, which offers a radio display, traffic and navigation system, and in this case, connected to the Internet through a hardware chip that provides a wireless and a cellular network connection.

Miller and Valasek discovered a vulnerability in that chip that allowed them to scan the Internet for affected vehicles, hack into the car stereo head unit and run their own code. In the process, they were able to change the radio station and adjust the air-conditioning but not too much more.

It took another few months, but they found a way to crawl from the vulnerable wireless access chip to another chip in the same head unit that controlled the cars’ electronics. Once they did that, they could control the car’s locks, windshield wipers, speedometer, lights and blinkers, and even engage and disengage the brakes and steering, so long as the car was driving at sufficiently slow speeds (around 6 mph or less) - all from the Internet.

“I have done a lot of research, but this is the first time I’ve been truly freaked out,” Miller said. “When I could hack into a car in Nebraska driving down the freeway, I had that feeling, 'I shouldn’t be able to do this.'”

Working with Andy Greenberg from Wired.com, the pair were able to take control of the Jeep Cherokee he was driving on a highway in St Louis, Missouri, causing the engine to cut out and applying the brakes on the car, sending the vehicle into a spin. Mr Greenberg wrote: “The most disturbing manoeuvre came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch.”

It was not just Jeeps they could access, but any car with the same head unit made by Fiat Chrysler. This included most newer models with the head unit, sold from late 2013 to 2015. The researchers scanned the Internet for vulnerable vehicles, took down their vehicle identification numbers and worked backward from there.

Miller and Valasek have been short on details regarding the specific vulnerabilities they discovered in the head unit, or how exactly they were able to access the firmware - instructions coded into a computer’s memory rather than its software - that allowed them to control the vehicles’ electronics.

Miller and Valasek notified Fiat Chrysler, which developed and released a patch last week.

Alyse Tadajewski, a spokeswoman for Fiat Chrysler, said that the company did not believe it was responsible for the researchers to disclose the vulnerability to the public. “Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” she said.

Tadajewski said Fiat Chrysler routinely monitors and tests its systems to identify and eliminate security vulnerabilities and had an embedded system quality engineering team dedicated to developing and implementing cybersecurity standards for all its vehicles, including its onboard and remote services.

She said the company released a free software patch for the vulnerability. “Customers can either download and install this particular update themselves or, if preferred, their dealer can complete this one-time update at no cost to customers.”

The end goal, Miller said, was to hack something tangible that most people could understand. “I’ve been in security for more than 10 years, and I’ve worked on computers and phones. This time, I wanted to do something that my grandmother would understand. If I tell her, 'I can hack into your car,' she understands what that means.”

“Also, I drive cars,” Miller added. “I would like them to be safe.”

 

--2015 New York Times News Service
