A pair of veteran cybersecurity researchers have shown they can use the Internet to turn off a car’s engine as it drives, sharply escalating the stakes in the debate about the safety of increasingly connected cars and trucks.
… Former National Security Agency hacker Charlie Miller, now at Twitter, and IOActive researcher Chris Valasek used a feature in the Fiat Chrysler (FCAU.N)(FCHA.MI) telematics system Uconnect to break into a car being driven on the highway by a reporter for technology news site Wired.com.
In a controlled test, they turned on the Jeep Cherokee’s radio and activated other inessential features before rewriting code embedded in the entertainment system hardware to issue commands through the internal network to steering, brakes and the engine.
“There are hundreds of thousands of cars that are vulnerable on the road right now,” Miller told Reuters.
Fiat Chrysler said it had issued a fix for the most serious vulnerability involved. The software patch is available for free on the company’s website and at dealerships. …
Miller and Valasek said they had been working with Fiat Chrysler since October, giving the company enough time to construct a patch to disable a feature that the men suspected had been turned on by accident. They plan to release a paper at the Def Con security conference next month that includes code for remote access, which will no longer work on cars that have been updated.
They said the harder problem for an attacker, moving from the entertainment system to the core onboard network, would take months for other top-tier hackers to emulate.
Many Jeeps could remain unpatched, leaving them open to attack. But the researchers said hackers would need to know the Internet Protocol address of a car in order to attack it specifically, and that address changes every time the car starts.
Otherwise, “You have to attack random cars,” Valasek said.
The men stressed that it would be easy to make modest adjustments to their code and attack other types of vehicles.
They said that manufacturers, who are racing to add new Internet-connected features, should work much harder on creating safe capability for automatic over-the-air software updates, segregation of onboard entertainment and engineering networks, and intrusion-detection software for stopping improper commands.
I wonder if we will find out that the people who had those accelerating Prius issues were remotely attacked. Does a Prius have an IP address? I hope not.
There are more freaky details here:
The hackers in a test turned on the car’s radio to a particular station, blasted the volume, displayed a picture of themselves on the vehicle’s screen, sprayed the windshield with fluid, blasted cold air and killed the engine at 70 mph on the highway. This is not a game. Patch your Jeep.
Could they have accelerated and disabled the brakes? Yikes. Here’s what they could do to a 2010 model Prius with physical access to it:
As I drove their vehicles for more than an hour, Miller and Valasek showed that they’ve reverse-engineered enough of the software of the Escape and the Toyota Prius (both the 2010 model) to demonstrate a range of nasty surprises: everything from annoyances like uncontrollably blasting the horn to serious hazards like slamming on the Prius’ brakes at high speeds. They sent commands from their laptops that killed power steering, spoofed the GPS and made pathological liars out of speedometers and odometers. Finally they directed me out to a country road, where Valasek showed that he could violently jerk the Prius’ steering at any speed, threatening to send us into a cornfield or a head-on collision. “Imagine you’re driving down a highway at 80,” Valasek says. “You’re going into the car next to you or into oncoming traffic. That’s going to be bad times.”