Charlie Miller and Chris Valasek have shown how an attack can take control of steering, press the gas pedal and even kill the brakes while the vehicle is driving at high speeds.
The security pros took the Jeep "out in the sticks" to try out the attacks. In one attack, they whipped the steering wheel 90 degrees while the Jeep was driving at 60 mph, reported Network World. To hammer the point home, Valasek told Wired, “Imagine last year if instead of cutting the transmission on the highway, we’d turned the wheel 180 degrees. You wouldn’t be on the phone with us. You’d be dead.”
In another test on a remote road that yanked the steering wheel, the Jeep ended up stuck in a muddy ditch. According to a Dark Reading report, a crop-duster spotted the disabled Jeep and called the cops, but a pickup driver stopped to help them. Valasek, who had been driving, said, “Charlie was running [the attack] in the backseat, and we curved and hit the ditch and couldn’t get out because it was super-muddy.”
But the attacks work on more than steering; an attack could control both the acceleration and brake pedals. Miller told Dark Reading: “We can permanently lock the electronic parking brake so it’s permanently immobilized. Even if you restarted the car, the parking brake would be on and you would not be able to drive anywhere. We disabled all aspects of steering, so it’s super-hard to turn the wheel and even harder if you drive the car without steering [capability] … at any speed.”
Miller and Valasek said they found techniques to bypass some of the safeguards that auto makers have recently put in place, with disturbing results, said Wired. Instead of merely compromising one of the so-called electronic control units or ECUs on a target car’s CAN network and using it to spoof messages to the car’s steering or brakes, they also attacked the ECU that sends legitimate commands to those components, which would otherwise contradict their malicious commands and prevent their attack.
By putting that second ECU into “bootrom” mode—the first step in updating the ECU’s firmware that a mechanic might use to fix a bug—they were able to paralyze that innocent ECU and send malicious commands to the target component without interference. “You have one computer in the car telling it to do one thing and we’re telling it to do something else,” says Miller. “Essentially our solution is to knock the other computer offline.”
The only thing the researchers were not able to pull off was the direct hack of the Jeep’s braking system, said Dark Reading. “We never directly influenced the brakes,” Miller said, mainly because they didn’t have the firmware for the ABS module to reverse-engineer it. Instead, they were able to force the brakes to engage when the e-brake was disabled.
Wired said it reached out to Chrysler’s parent company Fiat Chrysler Automobiles, (FCA) and the company responded in a statement emphasizing that Miller and Valasek’s attack could not have been performed remotely. “This demonstration required a computer to be physically connected into the vehicle’s onboard diagnostic (OBD) port and present in the vehicle,” FCA’s statement said. “while we admire their creativity, it appears that the researchers have not identified any new remote way to compromise a 2014 Jeep Cherokee or other FCA US vehicles.” The statement also claims that Miller and Valasek’s Jeep “appears to have been altered back to an older level of software,” the company adds. “It is highly unlikely that this exploit could be possible…if the vehicle software were still at the latest level.”
“There will almost certainly continue to be remote vulnerabilities in the future,” added Karl Koscher, a researcher at the University of California at San Diego who found one of the first car-hacking techniques for GM’s Onstar in 2010. Miller and Valasek’s latest work shows, he says, that “if you can get on the right CAN bus through those vulnerabilities, you can use these techniques to take pretty dramatic control of the car.”