Imagine driving down the highway at 70 mph and then suddenly losing control of certain functions one by one. First, it starts out as the loss of inconsequential things, like the radio and A/C controls. But then the wipers start to have a mind of their own and then the brakes cut out. Now you’re trapped in a two ton steel box rolling down the highway at rapid speeds with no way to stop. Sounds scary right? Well, it should. And what’s even scarier is the fact that it’s incredibly real and possible for this to happen.
Charlie Miller and Chris Valasek are hackers. Hackers that use their powers for good. They often hold conferences to teach people about how to avoid these kinds of dangerous scenarios. Well, Charlie and Chris decided to do a little experiment with the Jeep Cherokee and willing participant, Andy Greenberg.
The new Jeep Cherokee has a bit of an issue which allows it to be remotely hacked. A zero-day exploit allows hackers to wirelessly enter the infotainment system and from there can control dashboard functions, steering, brakes and even the transmission. So Miller and Valasek put Greenberg in a new Cherokee and sent him onto Route 40 in St. Louis, Missouri, and had him get the car up to 70 mph. That’s when the fun began.
Greenberg knew ahead of time that the two hackers were going to play with the car a little bit, wirelessly, but he had no idea to what extent. As he’s driving along, at highway speed, is when the A/C came on full blast, out of nowhere. No biggie, might make the cabin a bit too cold, but otherwise is not a real issue. Then the radio switched on full blast. Again, not too big of a deal, just annoying. But then the windshield wipers and washers kicked on and stayed on, clouding the glass. This can be dangerous as it can impede vision. But then it to even scarier.
This stuff was all child’s play compared to what a hacker could really do if they so chose. Well the hackers decided to choose to do so and cut the transmission on Greenberg. No matter how hard he pressed the accelerator, no power was getting to the wheels. The rpms dropped, slowing the car down to a crawl on an overpass with no shoulder, which started blocking traffic. Cars behind him are honking and passing, but nothing worried Greenberg more than the approaching 18-wheeler which he hoped noticed his stillness. Though, after this ordeal, he was able to nurse the Jeep of an exit ramp and turn the car off and back on again, which reset the transmission.
Afterwards, he got back onto the highway and the hackers got back to hacking, testing other features. The last one they tested was probably the scariest, as they cut the brakes altogether, causing Greenberg to slide into a ditch. Ultimately Greenberg was unharmed, but only because this was a closed experiment with safety precautions in place.
This experiment shows how vulnerable certain automotive systems can be. It can be terrifying to know that this sort of thing can happen and the automakers wouldn’t be aware until it’s too late. Miller and Valasek made Chrysler aware of the issue have been working with Chrysler for the past nine months to help create a solution. But had it not been for these two hackers, who knows how long would have gone on and how many people would have figured this out and injured or even killed people. Both Miller and Valasek will be speaking at a Black Hat Security conference in Las Vegas next month about this and also publishing their findings. Hopefully this sort of thing can be prevented in the past and automakers will be held responsible in the future for any sort of software bugs that can cause harm to civilians.