Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Hacker: 'Hundreds of thousands' of vehicles are at risk of attack

Lucas Mearian | July 24, 2015
The best way to secure vehicles is by detecting attacks as they're happening.

Jeep Cherokee
Creative Commons Lic.. A Jeep Cherokee like the one Charlie Miller and Chris Valasek were able to hack into.

A security expert who recently demonstrated he could hack into a Jeep and control its most vital functions said the same could be done with hundreds of thousands of other vehicles on the road today.

Security experts Charlie Miller and Chris Valasek collaborated with Wired magazine to demonstrate how they could remotely hack into and control the entertainment system as well as more vital functions of a 2015 Jeep Cherokee.

Both hackers are experienced IT security researchers. Miller is a former NAS hacker and security researcher for Twitter and Valasek is the director of security research at IOActive, a consultancy.

As the Wired reporter drove the vehicle on a highway, the hackers were able to manipulate its radio and windshield wipers and even shut the car down.

The vehicle hack took place as Wired reporter Andy Greenberg drove the Jeep Cherokee on Rte. 40 in St. Louis. The hackers were 10 miles away at the time.

The hackers said they were able to use the cellular connection to the Jeep's entertainment system or head unit to gain access to other systems; a vehicle's head unit is commonly connected to various electronic control units (ECUs) located throughout a modern vehicle. There can be as many as 200 ECUs in a vehicle.

Jeep Cherokee head unit
Jeep. The UConnect head unit in a 2015 Jeep Cherokee.

It took Miller and Valasek about a year to hack into Chrysler's UConnect head unit, and according to Miller, it required three steps.

  • Gain access to the vehicle's head unit/controller chip and firmware
  • Use the head unit's firmware to compromise the vehicle's controller area network (CAN), which speaks to all of the electronic control units (ECUs) throughout the car
  • Discover which CAN messaging can control various vehicle functions.

"The first step I thought would be the hardest: to find a remote vulnerability and write an exploit for it. It turned out that was actually rather easy, so I had that done in about three weeks," Miller said. "The second step I thought would be really easy, was really hard. That took us maybe three months."

The final step of sending CAN messages to vehicle systems was simply an exercise in discovering which messages controlled which functions, Miller explained.

Jon Allen, a principal analyst at consultancy Booz Allen Hamilton, said he was uncertain whether the hackers' prior access to the vehicle helped enable the attack.

At the DefCon hacker conference in 2013, Miller and Valasek demonstrated they were able to hack into a Ford Escape and a Toyota Prius and control the brakes and steering. That hack, however, required physical access to the onboard diagnostics (OBD-II) computer port on each vehicle. Since 1996, OBD II ports have been standard on all U.S. vehicles, and they allow access to ECU data.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.