Two veteran cybersecurity researchers – hackers turned on the Light side – have shown how they can use the Internet to seize control of a moving car – ringing yet another alarm about what’s at stake when it comes to autonomous and connected vehicles.
The pair used the Internet to gain access into a moving car, shutting down its engine in the process and swiftly jumping the stakes across the debate about the safety and privacy of the increasingly connected vehicles already on sale. Former National Security Agency hacker Charlie Miller, now at Twitter, and IOActive researcher Chris Valasek accessed a feature of the Fiat Chrysler Automobiles telematics system Uconnect to hack a car being on the road on a highway driven by a reporter from technology news site Wired.com. The controlled test showed the Jeep Cherokee’s radio could be turned on and then moved to other features before nailing the coup d’etat: they rewrote code that was embedded in the entertainment system hardware to gain access and command the internal network to steer, brake and tap with the engine. “There are hundreds of thousands of cars that are vulnerable on the road right now,” commented Miller.
Fiat Chrysler immediately reacted and said it had delivered a fix for the most serious vulnerability, with the software update available for free on the company’s website and at dealerships. Miller and Valasek have been at the forefront of automotive cybersecurity for years and issued numerous warnings about the possibility of remote hacking.