Over the last two years, two well-respected security researchers, Charlie Miller and Chris Valasek, have been hacking away at various cars, trying to find a way to control them remotely.
At the annual Black Hat and Def Con hacking conferences in Las Vegas in August, Mr. Miller and Mr. Valasek plan to demonstrate how, after two years of research, they have discovered a way to control hundreds of thousands of vehicles remotely.
From the Internet, they were able to track cars down by their location, see how fast they were going, turn their blinkers and lights on and off, mess with their windshield wipers, radios, navigation and, in some cases, control their brakes and steering.
Their discovery is several years in the making. In 2013, they described how they were able to control a Ford and a Toyota by plugging into a diagnostic port that could control the vehicle’s steering and speed. But the hack was of limited use to car manufacturers, who told them that anyone with physical access to the vehicle could just as easily cut the brakes.
So for the last year, Mr. Miller and Mr. Valasek have been tinkering with a Jeep, trying to find a way to control the car remotely. What they did not realize at the time was that their discovery would extend far beyond the Jeep and impact hundreds of thousands of other vehicles sold by Fiat Chrysler Automobiles.
Their research is likely to be one of the first discoveries in a new chapter of vulnerabilities and attacks directed at the so-called Internet of Things, the billions of products, machinery and infrastructure expected to come online over the next five years.
A report from Verizon found that 14 car manufacturers accounted for 80 percent of the worldwide auto market, and each one had a connected-car strategy.
Last year, the researchers bought a Jeep that came with a car stereo head unit, which offers a radio display and a traffic and navigation system and, in this case, connects to the Internet through a hardware chip that provides a wireless and a cellular network connection.
Mr. Miller and Mr. Valasek discovered a vulnerability in that chip that allowed them to scan the Internet for affected vehicles, hack into the car stereo head unit and run their own code. In the process, they were able to change the radio station and adjust the air-conditioning but not too much more.
It took another few months, but they found a way to crawl from the vulnerable wireless access chip to another chip within the same head unit that controlled the car’s electronics. Once they did that, they could control the car’s locks, windshield wipers, speedometer, lights, blinkers and even engage and disengage the brakes and steering, so long as the car was driving at sufficiently slow speeds (around six miles an hour or less) — all from the Internet.
“I have done a lot of research, but this is the first time I’ve been truly freaked out,” Mr. Miller said in a phone interview. “When I could hack into a car in Nebraska driving down the freeway, I had that feeling, ‘I shouldn’t be able to do this.’”
Read more of the original article in The New York Times.