Did hackers remotely commandeer a Jeep? Apparently to prove a point (see “Hackers Remotely Kill a Jeep on the Highway—With Me in It” on Wired.com).
Is this science fiction? No.
Did it happen? Probably.
Should you be worried about this? Definitely.
The episode started with Andy Greenberg driving his Jeep Cherokee down a St. Louis, Mo., highway. The air conditioning comes on, then the radio switches to a local hip hop station plus the volume goes to max as well. The windshield wipers come on, followed by shots of washer fluid on the windshield. The navigation display suddenly shows Charlie Miller and Chris Valasek, the two hackers in cahoots with the driver, “wearing their trademark track suits.”
The zero-day attack on the car was choreographed and designed not to be dangerous to the driver, who was their friend. Eventually the transmission cut out, the engine surged, and the car slowed to a crawl. Things actually got a bit dicey as the car stopped to the unwelcome honking of cars and a trailing 18-wheeler. It was time to call off the hackers using the iPhone that had not been hacked yet.
The trio did this to highlight the susceptibility of new cars. The hackers indicated that this possibility is not an isolated case. The car did have WiFi, but this is only one attack vector.
They did cheat when initially developing the hack since their test PC was connected to the CAN-based diagnostics port of the car. This was to test out the engine-control hack. The complete test hacked in through the WiFi system to take control of the nav computer and they used the available Internet connection to call home. This is called Uconnect and it is used on Fiat Chrysler cars, trucks, and SUVs They plan on providing more details at this year’s Black Hat Conference this fall.
The hackers had already shared their research with Chrysler over nine months. The company had developed a patch that has been released. Hopefully you have it installed if you own one of these vehicles. Notifications were sent out already, but without giving the reason for the “important” free patch. The patch has to be installed via USB. It cannot be done over the air like the attack. Fiat Chrysler Automobiles (FCA) does not condone or really appreciate the hack, but hopefully they will not go after the hackers, whose demonstration highlighted a glaring hole in Chrysler’s system.