Is your car cyber secure? If it uses the standard Uconnect system, used by thousands of Chrysler vehicles, it’s not. Two hackers have developed a method to hack into a car’s system and take absolute control of it, wherever it is, from anywhere in the U.S. The new system has exposed a fundamental flaw in the configuring of car systems that could potentially render thousands of cars across North America susceptible to cyber attacks from unknown faceless hackers. Questions have been raised, chief among them, are automakers doing everything to secure the end users?
The two hackers who have developed the system to randomly hack into vehicle systems are Charlie Miller and Chris Valasek. In a recent test, through a laptop connected to the internet and stationed 10 miles away, the two managed to easily take control of a Jeep Cherokee, rendering the driver powerless against an anonymous force. The two started by taking control of the Jeep’s vents, letting out a stream of hot air that sent the driver sweating bullets. They then took control of the radio, switching channels wirelessly, before sending the car wipers into overdrive. All this happened as the driver was inside, panicking. The big play came when they completely overrun the car systems, paralyzing the accelerator, killing the brakes and steering the Jeep into a ditch. The test driver was left dumbfounded.
The new study revealed just how much hacking had grown and just how little automakers are doing to secure the end users. According to Miller, their full arsenal includes controls that kill the engine, lower speed, unhook seat belts and even engage or disengage car brakes. The driver is absolutely powerless every time. According to the hackers, the security breach is possible only because the Jeep, like almost all cars today, are fitted with Uconnect operators, an internet connecting feature that controls the vehicle operations including navigation, entertainment and even WiFi connections. According to the two, the system allows them to easily figure out a car’s IP address, locate it from anywhere in America and take control of it effortlessly. Miller quipped, “From an attacker’s perspective, it’s a super nice vulnerability.”
The potential harm the system holds is enormous, inconceivable to drivers all over, unsettling for automakers and nerve wracking for U.S. authorities. Up to 41,000 vehicles can be located and seamlessly broken into wirelessly. The security threat posed is stupendous.
Thankfully the two hackers have revealed that they would share their knowledge with the world at the Black Hat conference on security to be held in Las Vegas next month. The two have even been sharing their research with Chrysler to help develop a new system that will ensure vehicles in the U.S. are attack proof.
Miller and Valasek have exposed a fundamental weakness in vehicle manufacturing. Through sharing their research with automakers, the two will surely play a huge role in making car systems hijack proof. In the end, it is the everyday American who will be more secure.