Another year, another Black Hat, another Jeep steered into a ditch next to a cornfield.
Last July, you might recall how automotive cybersecurity researchers Charlie Miller and Chris Valasek remotely hijacked the digital systems of a Jeep Cherokee from 10 miles away, including its brakes, accelerator, radio, horn and windshield wipers.
It was nerve-wracking for Wired’s Andy Greenberg, who was behind the wheel, driving in traffic, when Miller and Valasek paralyzed the car on highway I-64.
Nerve-wracking, yes, but still nice, safe and controlled: the initial research limited the car’s speed to 5 mph.
Now, the pair are back to show what they could have done if they’d continued to work on the attack in secret, as malicious hackers might have done. Namely, they’ve come up with a new attack in which they managed to spin a steering wheel 90 degrees while the car was traveling at 60 mph.
Granted, this time, the attack was much tougher to pull off.
As Dark Reading’s Kelly Jackson Higgins tells it, last year’s hack was carried out from Miller’s living room.
This year, the two physically plugged into the diagnostic port of the Jeep to send phony messages to the car’s network, which is called the CAN (Controller Area Network) bus.
This time they left the living room and rode along, hacking and driving the car.
The Jeep in question had been patched for the flaw they found last time. In spite of this, however, the pair not only managed to spin the wheel 90 degrees while the car was going 60 mph; they also managed to control the gas pedal and the brakes.
Here’s a video showing one of the attacks, which sent the pair into a ditch next to a cornfield:
Dark Reading quotes Miller:
We can lock the electronic parking brake so it’s permanently immobilized. Even if you restarted the car, the parking brake would be on and you would not be able to drive anywhere.
We disabled all aspects of steering, so it’s super-hard to turn the wheel and even harder if you drive the car without steering [capability] … at any speed.
The researchers’ 2015 demo, which showed an attack carried out via a cellular network that leveraged a 2014 Jeep’s UConnect entertainment system, led to a historic recall of a whopping 1.4 million vehicles.
The Jeep’s automaker, Fiat Chrysler, subsequently reported that 10 different vehicle models were vulnerable to the hack.
Miller and Valasek last month provided Jeep maker Fiat Chrysler with their most recent findings, along with recommendations for mitigating the new attacks.
Fiat Chrysler recently launched Detroit’s first bug bounty for car hacking.
The company said in a statement that the new attacks would be tough to pull off.
Dark Reading quotes the statement:
Based on the material provided, while we admire their creativity, it appears that the researchers have not identified any new remote way to compromise a 2014 Jeep Cherokee or other [Fiat Chrysler] US vehicles.
Miller and Valasek are now working at Uber’s Advanced Technologies Center, working to help develop self-driving cars.
The pair will be back at the Black Hat security show on Thursday to discuss how bad that 2015 attack could have been if it had been found and exploited by malicious hackers, instead of being disclosed and patched.
5 comments on “The Jeep hackers return to ditch a car going 60 mph”
That’s why I love the old cars!
Their technology was so simple with not so many ‘lights and I’ll park your car there’ and as we see now… well… more secure.
I’m wonder then car software developers will start to think for more security and not for ‘I’ll make this touchscreen do this’
Agreed on the wonderful classic cars–far fewer things to go wrong.
That’s the frustrating trick about security; it’s seldom not an afterthought, subordinate to “nifty” or “what if”
– IoT devices seamlessly interact throughout your home…and then a creep down the block spies on your kids
– No one (or not enough) thought of forbidding knives on airplanes…until a handful of jackasses used them to overtake flight crews.
It’s as if great ideas refuse to be hindered by comprehensive planning, though the last example was driven by convenience rather than an innovation.
Classic cars, with fewer components to go wrong, still used to break down a lot more often than modern cars do.
Not to mention the drip tray you needed.
Sorry guys but connecting directly to the CAN and sending it commands(that btw somebody probably whispered to them to map the signals with the car actions) is not really hacking.
That’s the job of the CAN, otherwise you could not for example turn on the lights on your car.
How often did you see somebody connecting to your car’s CAN with a serial cable? Not that often, no?