Hackers Can Kill You! 'Experts' Seize Control Of Speeding SUV On Highway

In 2013, Andy Greenberg, then a Forbes writer, asked Charlie Miller, a security engineer at Twitter, and Chris Valasek, the director of security intelligence at the Seattle consultancy IOActive, to prove him that a car is not a simple machine of glass and steel but a hackable network of computers. And by exploiting Ford Escape and Toyota Prius’ self-parking functions and reverse-engineering enough of the software, the ‘hackers’ sent commands from their laptops that killed power steering, spoofed the GPS and made pathological liars out of speedometers and odometers.

Two years later, Greenberg, now a senior writer for Wired magazine, asked Miller and Valasek — two “white hat” or altruistic hackers — to show him what they could do to a Jeep Cherokee and whether they could again highlight the security vulnerabilities of hundreds of thousands of American automobiles.

By sending data to its Internet-connected entertainment and navigation system via a mobile phone network, the ‘wireless carjackers’ managed to remotely take control of a Jeep Cherokee's air-conditioning system, radio and windshield wipers as Greenberg drove the SUV.

In a controlled test, they turned on the Jeep Cherokee’s radio and activated other inessential features before rewriting code embedded in the entertainment system hardware to issue commands through the internal network to steering, brakes and the engine.

“Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass,” Greenberg wrote.

“Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch. Their hack enables surveillance too: They can track a targeted Jeep’s GPS coordinates, measure its speed, and even drop pins on a map to trace its route,” he revealed.

Even the hackers themselves were taken aback by their abilities.“When I saw we could do it anywhere, over the Internet, I freaked out. I was frightened. It was like, holy f—, that’s a vehicle on a highway in the middle of the country. Car hacking got real, right then,” Valasek told Wired.

Miller and Valasek had earlier exploited a weak spot in Uconnect, an Internet-connected feature on as many as 471,000 Fiat Chrysler cars, SUVs, and trucks, and controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. Using a laptop computer and a burner phone, they were able to send a series of commands to the car.

“Uconnect computers are linked to the Internet by Sprint’s cellular network, and only other Sprint devices can talk to them,” Greenberg explained. By connecting a phone to his laptop, Miller was able to use the phone as a Wi-Fi hot spot and search Sprint’s entire 3G network for hackable cars.

Interestingly, on July 20, just hours after Wired published its story, Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) unveiled a bill aimed at keeping Internet-connected cars from getting hacked.

“Controlled demonstrations show how frightening it would be to have a hacker take over controls of a car. Drivers shouldn’t have to choose between being connected and being protected. We need clear rules of the road that protect cars from hackers and American families from data trackers,” Markey said in a statement.

Miller and Valasek aren’t the first to hack a car over the Internet. In 2011, a team of researchers from the University of Washington and the University of California at San Diego showed that they could wirelessly disable the locks and brakes on a sedan.