Tuesday, July 21, 2015

Hackers Remotely Kill a Jeep on the Highway

Wired has a great and scary article, Hackers Remotely Kill a Jeep on the Highway—With Me in It "The Jeep’s strange behavior wasn’t entirely unexpected. I’d come to St. Louis to be Miller and Valasek’s digital crash-test dummy, a willing subject on whom they could test the car-hacking research they’d been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country."

"Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch. The researchers say they’re working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in reverse. Their hack enables surveillance too: They can track a targeted Jeep’s GPS coordinates, measure its speed, and even drop pins on a map to trace its route."

I think I missed this article about them from last year which came out just as I was buying a new car, How Hackable Is Your Car? Consult This Handy Chart and I'm glad I didn't go with an Infiniti Q50.

"Later today, senators Markey and Blumenthal intend to reveal new legislation designed to tighten cars’ protections against hackers. The bill (which a Markey spokesperson insists wasn’t timed to this story) will call on the National Highway Traffic Safety Administration and the Federal Trade Commission to set new security standards and create a privacy and security rating system for consumers."

  1. That's my Senator. :)
  2. Is this one of the first times that computer security is being legislated? Are there penalties for the car companies if they don't meet the standards? Can we get this in other industries like airplanes, medical devices, power plants, appliances, routers and oh, I don't know... computers!?!

Update: Chrysler recalls 1.4 million cars at risk of being remotely hijacked. "Chrysler owners can visit this website and enter their car's VIN to see if it's included in the recall. If so, you don't have to take your car into the dealership — or anywhere, for that matter. Instead, you'll receive the previously released patch on a USB flash drive." What I don't understand is why they didn't do this once they had the patch.

No comments: