Imagine you’re driving down Interstate 35 at 70 miles per hour just outside of Dallas when your car begins to spray wiper fluid continuously on your windshield while the windshield wipers are flailing madly away. Or your stereo starts blaring a local radio station and you’re unable to turn down the volume, change stations, or turn it off. Maybe your air conditioner turns on at full blast but you didn’t touch anything, or you start slowing down and you’re unable to accelerate even when the pedal’s floored.
You don’t have to imagine this, it actually happened to Andy Greenberg, a senior writer for WIRED Magazine who willingly drove a 2014 Jeep Cherokee while two hackers, Charlie Miller and Chris Valasek demonstrated what they were able to do. Miller and Valasek were able to remotely hack the Jeep through the internet to its U Connect enabled entertainment system via its built in cellular connection.
In addition to commandeering the wiper fluid, wiper blades, and stereo, they were also able to kill the engine, abruptly engage the brakes, and kill them totally. At low speeds and when the Jeep is in reverse, they were able to hijack the steering, all of which was pretty frightening for Andy Greenberg who was at the wheel. Miller and Valasek were also able to breach the Jeep’s GPS system allowing them to measure its speed and trace its route.
Charlie Miller and Chris Valasek shared what they were able to do with Fiat Chrysler who subsequently created a security patch for the entertainment system’s software. They went on to issue a recall on 1.4 million vehicles which could be similarly hacked. This issue affects more than just Fiat Chrysler. Miller and Valasek discovered certain Cadillac Escalades and Infinity Q50’s have comparable vulnerabilities, as do 21 other vehicles.
There are a number of issues raised by the report Miller and Valasek will release at this month’s Black Hat security conference for both auto makers, law makers, and car insurance companies. It appears too few automakers are thinking about how to deter a cyber-attack on a car or truck. Too many of the vehicles have systems that are integrated instead of separate. In these cases, the steering, braking, and engine control systems can be breached by one of the vehicle’s other systems.
Lawmakers are just now tackling the problem. Senators Ed Markey of Massachusetts and Richard Blumenthal of Connecticut are introducing an automotive security bill. Their bill seeks to have the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission set new security standards for vehicles, as well as create a privacy and security rating system for consumers.
Car insurance companies also need to take note of what Charlie Miller and Chris Valasek were able to do. Obviously, if a hacker caused an accident as a result of disabling the breaks, tampering with the accelerator, or turning the car when unexpected, they’d be at fault. But could it be proven by a claims adjuster that is what happened or would the policy holder be found liable? Worse yet, what if someone was killed in the accident? Who’s liable would be the least of their worries.
Hacking a moving car or Jeep isn’t some future issue. It’s here, right now, and everyone needs to step up to the plate immediately. It will only be a greater issue as vehicles become more automated and take over part or all of the driving for us. What do you think? Share your comments with me on my Google +, Facebook, and LinkedIn pages. I’d love to hear from you!
If you haven’t already done so, read Andy Greenberg’s article and watch the video at http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/