Imagine driving down the highway in a nice Jeep Cherokee with not a care in the world, only to have it start behaving like Bumblebee from the “Transformers” film and not in a good way. This however could be the case for any vehicle, not just a Jeep Cherokee.
That’s how it went for Andy Greenberg of Wired. The site was testing a “zero-day exploit” that was being controlled by hackers Charlie Miller and Chris Valasek.
“I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold,” said Greenberg in his article.
“Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.”
The hackers were able to take full control of the vehicle remotely which could pose huge problems for automakers if it falls into the wrong hands. Some of the aspects that hackers would be able to control include, dashboard functions, steering, brakes and transmission according to the report. Greenberg had no idea when the attack would take place giving the experiment more of a realistic feel.
“From that entry point, Miller and Valasek’s attack pivots to an adjacent chip in the car’s head unit—the hardware for its entertainment system—silently rewriting the chip’s firmware to plant their code,” according to the report.
“That rewritten firmware is capable of sending commands through the car’s internal computer network, known as a CAN bus, to its physical components like the engine and wheels. Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015.”
The hackers have been working with Chrysler to develop a patch that can only be administered via USB stick or dealership programmer. The hack is pretty extensive and there is also video proof of the exploits in the full story.