Wired.com writer Andy Greenberg tells a deeply unnerving story about a day which started like any other day: he was driving down the highway in his Jeep Cherokee, when the vehicle began to act possessed.
“Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.”
Spontaneous Skee-lo is frightening enough without the promise of windshield wipers obstructing your view and precipitating a freeway car crash situation (note that Greenberg had been driving at seventy mph).
Then an image appeared on the car’s digital display. From beyond the grave? No, it was the masterminds behind the stunt, hackers Charlie Miller and Chris Valasek.
Terrifying? Now imagine if Greenberg hadn’t known what was happening, if he hadn’t signed up to be their car-hacking, crash-test guinea pig.
The duo’s hacking technique allows the attacker to gain remote control of a vehicle (specifically Jeep Cherokees in this case, but who knows what’s next?) over the internet. But messing with entertainment systems and dashboard functions is child’s play compared to the full extent of the hackers’ potential power, which covers everything from steering to brakes. All you need is a laptop and a code.
Miller and Valasek assured Greenberg that they wouldn’t do anything life-threatening, but that was hardly comforting. Once they cut the transmission, Greenberg’s accelerator stopped working, and the Jeep slowed to a crawl.
“The experiment had ceased to be fun.”
Cars lined up behind him, honking impatiently. But he was paralyzed.
Eventually, he ended up in a ditch.
How is any of this possible?
“Because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone."
And advanced tech like often goes hand-in-hand with some heavy vulnerabilities.
“Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot.”
The Jeep Cherokee is the most vulnerable model, but Miller estimates that there are as many as 471,000 vehicles with vulnerable Uconnect systems on the road.
If it’s any comfort, senators Ed Markey and Richard Blumenthal plan to introduce an automotive security bill today, in response to Miller and Valasek’s earlier vehicle hacking experiments, from 2013.
They better get to work on that, given how far Miller and Valasek have come along since then.
Check out the Wired article for details concerning the science, implications, and potential solutions behind this new era of security nightmares.