Security Researchers Remotely Hijack Jeep Steering, Brakes Using UCconnect Vulnerability
One of the biggest concerns revolving around ever-improving vehicle technologies is the risk of their security being breached and an exploiter causing something bad to happen. After all, our vehicles are now kitted out with computers - they are computers - and whether we're talking about the desktop, mobile, or enterprise, we see computers get breached a lot.
Well, if you've tried to convince yourself that the computers in our vehicles are more bulletproof than those used elsewhere, you're about to have a rude awakening.
Tapping into and controlling the remote vehicle
Over at Wired, a proof-of-concept has been exhibited using a Jeep Cherokee. The writer, driving some 70 MPH in downtown St. Louis, had to battle various vehicular maladies at random. Simply reading the tale is enough to tighten up a little bit:
"Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass."
Oy. It's probably obvious that this test wasn't random; the writer was a guinea pig so that he could learn first-hand what could happen. This wasn't sanctioned by Jeep; this is security research with real working code. And that's beyond scary.
During the test, along a highway without a shoulder, the remote hackers pulled a trick that would have stressed almost anyone out: they cut the transmission. This caused the driver to be stuck in traffic, and hold up traffic, which included an impatient 18-wheeler. That's when an experiment like this ceases to be fun.
The test vehicle after its brakes were remotely disabled
The most frightening thing about this series of attacks is that they were entirely done wirelessly. With the proper set of tools and an IP address, someone can literally overtake your vehicle and ultimately cause something a lot worse than cranking your music volume.
The hacker duo is planning to unveil some of their findings at the Black Hat conference in Las Vegas next month. There are already regulations being worked on to help improve vehicle security, but it's admittedly disappointing that this kind of exploitation is possible right now with a vehicle that's already on the market.
Maybe there's some value in sticking with an older vehicle?