6 Replies Latest reply on Jul 23, 2015 9:32 PM by Philippe Baronti

    Hackers can now control cars (with drivers in them!) from a distance

      150701_car_hackers_12-582x388.jpg

      "I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.

      Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.

      As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car’s digital display: Charlie Miller and Chris Valasek, wearing their trademark track suits. A nice touch, I thought.

      The Jeep’s strange behavior wasn’t entirely unexpected. I’d come to St. Louis to be Miller and Valasek’s digital crash-test dummy, a willing subject on whom they could test the car-hacking research they’d been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.

      To better simulate the experience of driving a vehicle while it’s being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller’s laptop in his house 10 miles west. Instead, they merely assured me that they wouldn’t do anything life-threatening. Then they told me to drive the Jeep onto the highway. “Remember, Andy,” Miller had said through my iPhone’s speaker just before I pulled onto the Interstate 64 on-ramp, “no matter what happens, don’t panic.”

      As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.

      Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.

      At that point, the interstate began to slope upward, so the Jeep lost more momentum and barely crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver saw me, too, and could tell I was paralyzed on the highway.

      “You’re doomed!” Valasek shouted, but I couldn’t make out his heckling over the blast of the radio, now pumping Kanye West. The semi loomed in the mirror, bearing down on my immobilized Jeep.

      I followed Miller’s advice: I didn’t panic. I did, however, drop any semblance of bravery, grab my iPhone with a clammy fist, and beg the hackers to make it stop.

       

      (…)"

       

      IMG_0724-582x437.jpg

      Source: Hackers Remotely Kill a Jeep on the Highway—With Me in It | WIRED

        • Re: Hackers can now control cars (with drivers in them!) from a distance

          It is crazy to think that a stranger could remotely control your car..


          Here is a video explaining the way it works:


          With cars becoming more and more connected, this type of hacking will be easier and more accessible, and this raises a lot of security questions..


          I am curious to have your thoughts on this... What do you think?

          Joannes ChapotAlexandre EchalierMitch TurckPhilippe BarontiDidier Rougeyron

            • Re: Hackers can now control cars (with drivers in them!) from a distance

              Thanks Marielle Khayat -- I'll be writing an article about this in the coming weeks. It would be reasonable to argue that self-driving vehicles are actually the best solution to this problem... which is ironic, because the public does not seem to fear having their conventional cars hacked (such as the one in this article), whereas they seem to be very worried about self-driving cars being hacked.

               

              The study in this article (and previous studies conducted by the same guys) illuminates three realities that most of us are ignorant to:

              1. Our cars already use the technology we imagine being susceptible to hackers

              2. It is not extremely difficult to override/hack that technology

              3. Traditional car manufacturers, to date, have relied heavily on hackers' lack of interest or expertise in overriding vehicle systems. The systems do not exhibit an impressive level of redundancy or robustness.

               

              So, my argument is this: if conventional vehicles are already/will soon be connected enough to become susceptible to severe hacking, and human drivers cannot practically overcome the hack while they are in control of the vehicle, then the best safeguard against hacking is the autonomous vehicle: a network of computers which monitor and communicate the behavior amongst all vehicles in a vicinity, and are trained to avoid accidents and resolve anomalies. As overseers of the broader environment and local vehicle cluster, self-driving vehicles are less susceptible to being confused by isolated hacks.

              • Re: Hackers can now control cars (with drivers in them!) from a distance

                Thank you Marielle Khayat, but with this video I am not going to feel reassured the next time I am in a car! It has been a while though since alarm bell have been rung about the security surrounding car entertainment systems. Just last Friday, The Economist wrote one of its featured articles on the Internet of Things and its security flaws. Security for connected cars is definitely the sort of things they refer to in their piece. Their point of view on the situation is that manufacturers of connected objects should set up sufficient security immediately, or at least leave a mainframe access for security patches. However the situation is not that simple because of the actors and the secrecy they pride themselves upon. One striking example was when academic researchers contacted Volkswagen to inform them of a breach in their remote-car-key system. The auto maker replied with a court injunction, which will dissuade future researchers from helping out. Google on the contrary offers rewards to hackers who signal flaws to them.

                 

                Overall, I believe the security issue surrounding the Internet of Things as a whole, and cars especially, lays on the shoulders of the car manufacturers themselves, and the tech companies who help them create the software.

                • Re: Hackers can now control cars (with drivers in them!) from a distance
                  Didier Rougeyron

                  This raises a lot of security questions, absolutelyMarielle Khayat. You can imagine if an average driver, not at all warned and not working for a high-tech magazine, had served as target? Of course Chrysler (parent company of Jeep) quickly reacted by publishing a software update intended to improve the security of the embedded computers of its cars. But thus with a delay time. We notice that a new world opens to the automobile sector… which was probably not to the program.

                  • Re: Hackers can now control cars (with drivers in them!) from a distance
                    Philippe Baronti

                    Thanks for scaring us Marielle Khayat ;-)

                    We are on the eternal issue about everything can be protected and every protected can be cracked and then better protected ....

                    I agree that at the moment, it is not so complex to hack a connected car, even with just a 20€ ODBII device plugged in your car.

                    I am not so concerned because the interest to hack a car, out of stealing it, or perhaps make the perfect crime in a film is not so strong. I am more worried about a bug like windows asking to reboot or making blue screen. I would prefer this not to happen in my car ;-)

                    Marielle Khayat, you should send your topic to all car manufacturer.