Security researchers Charlie Miller and Chris Valasek were able to hack into a Jeep on the highway and remotely control its radio, windshield wipers, navigation system and, finally, the brakes and steering. Miller and Valasek have been working for the last two years to hack various cars, with the aim of controlling them remotely. Their ability to hack the Jeep highlights one of the potential dangers inherent in the Internet of Things, as an increasing number of interconnected devices hit the market.
At the annual Black Hat and Def Con hacking conferences in Las Vegas in August, Miller and Valasek intend to demonstrate the results of their two years of research: a way to control hundreds of thousands of vehicles remotely, reports The New York Times. That’s because their success at controlling the Jeep extends to any car with the same head unit made by Fiat Chrysler automobiles. Most cars with that head unit are newer models sold from late 2013 to 2015.
“I have done a lot of research, but this is the first time I’ve been truly freaked out,” Miller told NYT. “When I could hack into a car in Nebraska driving down the freeway, I had that feeling, ‘I shouldn’t be able to do this’.”
Although the two researchers didn’t disclose details of the hack, NYT relates that the Jeep had a car stereo head unit for radio display, traffic and navigation, which was connected to the Internet through a hardware chip for wireless and cellular network connections.
Miller and Valasek found a flaw in that chip that allowed them to hack into the stereo head unit and run their own code. Later, they were able to access the firmware that allowed them to control the vehicles’ electronics, including steering and braking “so long as the car was driving at sufficiently slow speeds (around 6 mph or less).”
They notified Fiat Chrysler, which quickly developed and released a patch for the problem. A report from Verizon, says NYT, found that 14 car manufacturers, accounting for 80 percent of the worldwide auto market, all had a connected-car strategy.