A Closer Look at Driverless Vehicle Hacking
Wired recently put out a report that discussed car hacking, and it was both very informative and disturbing at the same time. Andy Greenberg got behind the wheel of a Jeep Cherokee and allowed a pair of digital security researchers to hack into his vehicle wirelessly. They were able to access the wipers, stereo, climate control and even the engine, making the vehicle stall. Greenberg could do nothing about it as he drove on a busy highway, and other drivers had to take steps to avoid an accident.
As technology has improved, a host of issues have cropped up. When it comes to the automotive industry, it appears that hacking is a very real concern. Security is not as strong as it should be, and automakers have done nothing to stop hackers from being able to wirelessly access the vehicles and direct them to follow their commands. Hacking, of course, is nothing new, but in the past, the hackers would have to physically access the car to get into the dashboard and hook up a laptop so they could take over control. The Wired report was so stunning because Greenberg’s Jeep was not physically altered in any way. The hackers were miles away and were able to take control.
That is a scary thought. The Wired report takes care to simply lay out the facts and avoid exaggerations. The information is enough to keep you up at night and it certainly got the attention of the automotive press and tainted people’s attitudes on driverless cars. However, you don’t need to be afraid to get into your car for the following reasons.
The hacking in this case was carried out by Chris Valasek and Charlie Miller, whose names are well known in the security industry. They have been looking at vehicle computer systems for a long time and identifying weaknesses. In fact, if you’ve heard of car hacking before, it probably involved Valasek and Miller. About four years ago, they paired up with Greenberg and got into both a Ford Escape and a Toyota Prius with him. The cars were connected to laptops that allowed the two to take control of the car instead of Greenberg. They also recently listed the cars that they thought were ripe for the taking by hackers; the Jeep Cherokee (2014) was at the top of their list and that is the one that was involved in the Wired report.
Of course, this situation is much different because the duo was able to take over the car wirelessly. It is the Uconnect dashboard, made by Fiat Chrysler, that is problematic in this case. The Uconnect dashboard allows cars to have WiFi service through Sprint. Miller can connect his smartphone to his laptop and then find Uconnect cars in the area. With the help of software that he and Valasek came up with, he can target a vehicle and get its VIN, find out its IP address, determine its GPS location and get information on the make and model of the vehicle. After locating a vulnerable car, the pair put in code that is designed to cause problems. It gives the system directions and can affect the transmission, engine, brakes and steering.
Vehicles that came out in 2013-2015 and have a Uconnect system likely have this issue. Miller and Valasek believe that about half a million cars are vulnerable. The FCA put out a list of Ram, Jeep, Dodge and Chrysler vehicles that might have this problem.
There is a video that accompanies the written piece, and if you watch it, you may think that it isn’t very hard to take over a car. However, it is much harder than it seems, which is why drivers are probably fairly safe, even if they have a vulnerable vehicle.