A zero-day exploit for Jeep Cherokees allows hackers to control everything from the engine to the air-conditioning over the Internet, overriding the driver at the dashboard.
Charlie Miller and Chris Valasek demoed their exploit for Wired's Andy Greenberg, putting him on the highway in a Jeep which they then seized control over, putting their faces on the in-dash screen. They were able to control the car's electrics — windshield wipers, AC, radio, etc — as well as the acceleration and steering. Miller and Valasek will present their work at Black Hat in Vegas next month.
It's yet more evidence that a car is a computer that hurtles down the road high speed with you trapped inside it — and that the computer's security, auditability and transparency are the most salient facts about your car.
Meanwhile, remember that GM told the Copyright Office this year that cars are copyrighted works, and that examining their firmware is a copyright violation under section 1201 of the DMCA, which I have vowed to kill within a decade.
All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle's entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element, which Miller and Valasek won't identify until their Black Hat talk, Uconnect's cellular connection also lets anyone who knows the car's IP address gain access from anywhere in the country. "From an attacker's perspective, it's a super nice vulnerability," Miller says.
From that entry point, Miller and Valasek's attack pivots to an adjacent chip in the car's head unit—the hardware for its entertainment system—silently rewriting the chip's firmware to plant their code. That rewritten firmware is capable of sending commands through the car's internal computer network, known as a CAN bus, to its physical components like the engine and wheels. Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. They've only tested their full set of physical hacks, including ones targeting transmission and braking systems, on a Jeep Cherokee, though they believe that most of their attacks could be tweaked to work on any Chrysler vehicle with the vulnerable Uconnect head unit. They have yet to try remotely hacking into other makes and models of cars.
After the researchers reveal the details of their work in Vegas, only two things will prevent their tool from enabling a wave of attacks on Jeeps around the world. First, they plan to leave out the part of the attack that rewrites the chip's firmware; hackers following in their footsteps will have to reverse-engineer that element, a process that took Miller and Valasek months. But the code they publish will enable many of the dashboard hijinks they demonstrated on me as well as GPS tracking.
Hackers Remotely Kill a Jeep on the Highway—With Me in It [Andy Greenberg/Wired]