Car-Hacked! Flaw in Jeep Revealed

July 22, 2015

Did hackers remotely commandeer a Jeep Cherokee? Apparently, to prove a point.

Electronicdesign Com Sites Electronicdesign com Files Uploads 2015 02 Hacking Car Fig 0

Andy Greenberg was driving the Jeep that was remotely forced off the road by hackers Charlie Miller and Chris Valasek.

Did hackers remotely commandeer a Jeep? Apparently to prove a point (see “Hackers Remotely Kill a Jeep on the Highway—With Me in It” on Wired.com).

Is this science fiction? No.

Did it happen? Probably.

Should you be worried about this? Definitely.

The episode started with Andy Greenberg driving his Jeep Cherokee down a St. Louis, Mo., highway. The air conditioning comes on, then the radio switches to a local hip hop station plus the volume goes to max as well. The windshield wipers come on, followed by shots of washer fluid on the windshield. The navigation display suddenly shows Charlie Miller and Chris Valasek, the two hackers in cahoots with the driver, “wearing their trademark track suits.”

The zero-day attack on the car was choreographed and designed not to be dangerous to the driver, who was their friend. Eventually the transmission cut out, the engine surged, and the car slowed to a crawl. Things actually got a bit dicey as the car stopped to the unwelcome honking of cars and a trailing 18-wheeler. It was time to call off the hackers using the iPhone that had not been hacked yet.

The trio did this to highlight the susceptibility of new cars. The hackers indicated that this possibility is not an isolated case. The car did have WiFi, but this is only one attack vector.

They did cheat when initially developing the hack since their test PC was connected to the CAN-based diagnostics port of the car. This was to test out the engine-control hack. The complete test hacked in through the WiFi system to take control of the nav computer and they used the available Internet connection to call home. This is called Uconnect and it is used on Fiat Chrysler cars, trucks, and SUVs They plan on providing more details at this year’s Black Hat Conference this fall.

The hackers had already shared their research with Chrysler over nine months. The company had developed a patch that has been released. Hopefully you have it installed if you own one of these vehicles. Notifications were sent out already, but without giving the reason for the “important” free patch. The patch has to be installed via USB. It cannot be done over the air like the attack. Fiat Chrysler Automobiles (FCA) does not condone or really appreciate the hack, but hopefully they will not go after the hackers, whose demonstration highlighted a glaring hole in Chrysler’s system.

About the Author

William Wong Blog | Senior Content Director

Bill Wong covers Digital, Embedded, Systems and Software topics at Electronic Design. He writes a number of columns, including Lab Bench and alt.embedded, plus Bill's Workbench hands-on column. Bill is a Georgia Tech alumni with a B.S in Electrical Engineering and a master's degree in computer science for Rutgers, The State University of New Jersey.

He has written a dozen books and was the first Director of PC Labs at PC Magazine. He has worked in the computer and publication industry for almost 40 years and has been with Electronic Design since 2000. He helps run the Mercer Science and Engineering Fair in Mercer County, NJ.