According to a recent Wired article, it is now possible for hackers to take control of a modern car’s functionality remotely. Using a latest Jeep Cherokee that boasts internet connectivity for its in-car entertainment systems, the editor of the story hit the road knowing that somewhere in the other side of the country two hackers (Charlie Miller and Chris Valasek) will try to make his trip difficult using their two laptops and a piece of custom code they’ve been working on for the past few months. The result was alarming to say the least…
So, what was done by the two hackers as a proof of concept was to first take control of the car’s “secondary” operations to activate the wipers, set the radio to maximum volume and blow hot air to the face of the driver as he was trying to get past all this while driving in a crowded highway. The next step though was way more decisive and offending for the driver as the hackers managed to cut-off the transmission of the car, letting it crawl and eventually stop. After a “manual reboot” of the car, the driver was able to find an exit from the highway and then the hackers disabled the brakes and shut down the engine completely. This proved that it is perfectly possible to take full control of a car remotely and put the passengers of the hacked vehicle in great danger.
How was it done?
The hackers basically found a way to exploit the Fiat Chrysler online entertainment platform that allows their various car models to serve as smartphones and WiFi-hotspots. They figured out the particular car’s IP address and took control of it using their custom code, so no technical details were revealed to the public for obvious reasons. The case is though that while car manufacturers are trying their best to sync their products with the technological trends of our age, they are doing so without any regard to the safety issues that may arise with this implementation. This is especially serious as all of modern car operations are electronically controlled through the car’s ECU. This has been the case ever since cars were equipped with ABS systems, so this is not something new at all. What has changed now is that with nowadays wireless connectivity, people have the capacity to connect to a car’s ECU and order it to do whatever they want.
Fiat Chrysler was actually quick to respond with an official statement just three days after the publication of the report on Wired. The manufacturer recalls approximately 1.4 million vehicles in the US to update their software. The models that are equipped with the affected entertainment system are seven including the latest Dodge Charger, Challenger, Viper and the Jeep Grand Cherokee. As the manufacturer states, the exploit in their system “required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code.” While this may be really the case this time, it makes us think of how easier similar hacks may become in the near future when car hacking tools could become more widely available. It also makes us think that GPS or other surveillance-related information could be easily acquired by 3rd parties without the car owners ever knowing.