Some of you have probably already read Wired’s shocking article published yesterday titled: Hackers Remotely Kill a Jeep on the Highway—With Me in It. If not, I strongly suggest getting caught up.
If two guys working out of a basement estimate they can hack 471,000 vehicles made by Chysler from their couch, just imagine what a more sophisticated and well funded team can do.
Here are some excerpts from Wired:
I WAS DRIVING 70 mph on the edge of downtown St. Louis when the exploit began to take hold.
Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.
As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car’s digital display: Charlie Miller and Chris Valasek, wearing their trademark track suits. A nice touch, I thought.
The Jeep’s strange behavior wasn’t entirely unexpected. I’d come to St. Louis to be Miller and Valasek’s digital crash-test dummy, a willing subject on whom they could test the car-hacking research they’d been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.
As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.
Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.
This wasn’t the first time Miller and Valasek had put me behind the wheel of a compromised car. In the summer of 2013, I drove a Ford Escape and a Toyota Prius around a South Bend, Indiana, parking lot while they sat in the backseat with their laptops, cackling as they disabled my brakes, honked the horn, jerked the seat belt, and commandeered the steering wheel. “When you lose faith that a car will do what you tell it to do,” Miller observed at the time, “it really changes your whole view of how the thing works.” Back then, however, their hacks had a comforting limitation: The attacker’s PC had been wired into the vehicles’ onboard diagnostic port, a feature that normally gives repair technicians access to information about the car’s electronically controlled systems.
A mere two years later, that carjacking has gone wireless.
Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch. The researchers say they’re working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in reverse. Their hack enables surveillance too: They can track a targeted Jeep’s GPS coordinates, measure its speed, and even drop pins on a map to trace its route.
All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone.
Unfortunately, Chrysler’s patch must be manually implemented via a USB stick or by a dealership mechanic. (Download the update here.) That means many—if not most—of the vulnerable Jeeps will likely stay vulnerable.
For the auto industry and its watchdogs, in other words, Miller and Valasek’s release may be the last warning before they see a full-blown zero-day attack. “The regulators and the industry can no longer count on the idea that exploit code won’t be in the wild,” Savage says. “They’ve been thinking it wasn’t an imminent danger you needed to deal with. That implicit assumption is now dead.”
When Miller and Valasek first found the Uconnect flaw, they thought it might only enable attacks over a direct Wi-Fi link, confining its range to a few dozen yards. When they discovered the Uconnect’s cellular vulnerability earlier this summer, they still thought it might work only on vehicles on the same cell tower as their scanning phone, restricting the range of the attack to a few dozen miles. But they quickly found even that wasn’t the limit. “When I saw we could do it anywhere, over the Internet, I freaked out,” Valasek says. “I was frightened. It was like, holy fuck, that’s a vehicle on a highway in the middle of the country. Car hacking got real, right then.”
Based on that study, they rated Jeep Cherokee the most hackable model. Cadillac’s Escalade and Infiniti’s Q50 didn’t fare much better; Miller and Valasek ranked them second- and third-most vulnerable.
Since then, Miller has scanned Sprint’s network multiple times for vulnerable vehicles and recorded their vehicle identification numbers. Plugging that data into an algorithm sometimes used for tagging and tracking wild animals to estimate their population size, he estimated that there are as many as 471,000 vehicles with vulnerable Uconnect systems on the road.
“For all the critics in 2013 who said our work didn’t count because we were plugged into the dashboard,” Valasek says, “well, now what?”
Indeed.
With all that in mind, let’s recall what I highlighted back in 2013: Latest Info on Michael Hastings: He Thought “His Mercedes was Being Tampered With.”
For related articles, see:
Edward Snowden Won’t Use an iPhone – Here’s Why
Adult FriendFinder Hacked – Accusations Emerge that Federal Employees Used it from Government Emails
FBI Moves to Broaden Hacking Authority – Google Says it Poses “Monumental Constitutional Concern”
Snapchat Hacked – At Least 100,000 Photos at Risk
Computer Security Expert Claims he Hacked the ObamaCare Website in 4 Minutes
Hackers For Government Hire: A Growing and Deeply Disturbing Industry
In Liberty,
Michael Krieger
Donate bitcoins: 35DBUbbAQHTqbDaAc5mAaN6BqwA2AxuE7G
Follow me on Twitter.
MY friend was just talking about this the other day,HIS son is in the US MARINES,they’ve been teaching the marines to hack the throttle control of cars on american highways,HE thought it was funny how they could do that,he wouldn’t be laughing if it happened to him,I asked him WHY would the military want to control the gas pedal of some ones car??OUR GOVERNMENT is out of control,Hope you guys are ready,this kind of stuff NEVER turns out well…………
No where to run no where to hide when Government through its Business Shams have set up to control us with lies or illegal adaptions to all of electronic devices. Learn to ride a horse?
Quit with the caps everywhere. It makes for a confusing read and your intended meaning is easily lost.
Our society is on a knife’s edge. The only reason we haven’t already been brought to our knees from a massive, coordinated hack, is sufficient motivation, or just a matter of timing.
It is coming, though. If it happens tomorrow and you don’t have food, water, fuel, cash and some gold/silver RIGHT NOW, then you could very well be dead by September.
The world is on a knife’s edge – on purpose. The chaos is being permitted, so it can all be burned down. The elitists want death and lots of it. There will be so much death if Christ doesn’t return when He will, there would be no one left (His own words).
This is why I will only buy cars from early 70’s or earlier. No electronic ignition, and either mechanical fuel injection or carburetors. Although electronic ignition and electronic fuel injection in pre-computerized vehicles cannot be hacked, a directed high-energy electromagnetic pulse will destroy the electronics.
Well, I’ve got two feet. I can walk.
So you can be remotely locked in your car, steered to a location of the hackers choice, crashed in route and listened to or talked to on the way.
I can just hear Diane Sawyer now.
Thousands of vehicles are reportedly out of control on the nations highways with more crashes than the police can respond to and many drivers appear to be driving to remote locations where they cannot be found by family members.
Cuba might be on to something only allowing cars built before 1959.