Another year, another Black Hat, another Jeep steered into a ditch next to a cornfield.
Last July, you might recall how automotive cybersecurity researchers Charlie Miller and Chris Valasek remotely hijacked the digital systems of a Jeep Cherokee from 10 miles away, including its brakes, accelerator, radio, horn and windshield wipers.
It was nerve-wracking for Wired’s Andy Greenberg, who was behind the wheel, driving in traffic, when Miller and Valasek paralyzed the car on highway I-64.
Nerve-wracking, yes, but still nice, safe and controlled: the initial research limited the car’s speed to 5 mph.
Now, the pair are back to show what they could have done if they’d continued to work on the attack in secret, as malicious hackers might have done. Namely, they’ve come up with a new attack in which they managed to spin a steering wheel 90 degrees while the car was traveling at 60 mph.
Granted, this time, the attack was much tougher to pull off.
As Dark Reading’s Kelly Jackson Higgins tells it, last year’s hack was carried out from Miller’s living room.
This year, the two physically plugged into the diagnostic port of the Jeep to send phony messages to the car’s network, which is called the CAN (Controller Area Network) bus.
This time they left the living room and rode along, hacking and driving the car.
The Jeep in question had been patched for the flaw they found last time. In spite of this, however, the pair not only managed to spin the wheel 90 degrees while the car was going 60 mph; they also managed to control the gas pedal and the brakes.
Here’s a video showing one of the attacks, which sent the pair into a ditch next to a cornfield:
Dark Reading quotes Miller:
We can lock the electronic parking brake so it’s permanently immobilized. Even if you restarted the car, the parking brake would be on and you would not be able to drive anywhere.
We disabled all aspects of steering, so it’s super-hard to turn the wheel and even harder if you drive the car without steering [capability] … at any speed.
The researchers’ 2015 demo, which showed an attack carried out via a cellular network that leveraged a 2014 Jeep’s UConnect entertainment system, led to a historic recall of a whopping 1.4 million vehicles.
The Jeep’s automaker, Fiat Chrysler, subsequently reported that 10 different vehicle models were vulnerable to the hack.
Miller and Valasek last month provided Jeep maker Fiat Chrysler with their most recent findings, along with recommendations for mitigating the new attacks.
Fiat Chrysler recently launched Detroit’s first bug bounty for car hacking.
The company said in a statement that the new attacks would be tough to pull off.
Dark Reading quotes the statement:
Based on the material provided, while we admire their creativity, it appears that the researchers have not identified any new remote way to compromise a 2014 Jeep Cherokee or other [Fiat Chrysler] US vehicles.
Miller and Valasek are now working at Uber’s Advanced Technologies Center, working to help develop self-driving cars.
The pair will be back at the Black Hat security show on Thursday to discuss how bad that 2015 attack could have been if it had been found and exploited by malicious hackers, instead of being disclosed and patched.