Tuesday 2nd February 3:58 pm
The world’s most hackable car
Tuesday 15th September 2015 2:13 pm
Last time, in this multi-part extravaganza, I talked about hacking cars — and driving them into ditches. The hackers, Charlie Miller and Chris Valasek, were able to do their dirty work only when physically linked by a cable directly into the mechanic’s diagnostic socket built into every car manufactured today.
That was back in 2013. But by mid-2015, they were able to hack in from anywhere in the world, via the internet.
Miller and Valasek had chosen to spend their time learning how to hack into a Jeep — but many other cars were very hackable. They reckoned that the Cadillac Escalade and the Infiniti Q50 were almost as vulnerable as the Jeep Cherokee.
Indeed, they had done their homework before they settled on the Jeep as being the most hackable model. They had signed up as mechanics onto the website of the major carmakers, and had downloaded the technical manuals and wiring diagrams of dozens of cars. They then rated these cars on three factors — how their computers connected to the internet, how well these computers were isolated from critical driving systems, and finally, whether these critical driving systems could initiate physical actions such as pressing the brake or accelerator, turning the steering wheel, changing gears and so on.
So by mid-2015, these two hackers, Charlie Miller and Chris Valasek, were testing their hack with a compliant journalist, Andy Greenberg. His Jeep Cherokee was connected by its own SIM card to the Chrysler Uconnect vehicle assistance system. But the software and firmware of the Jeep had vulnerabilities.
Let me emphasise, Miller and Valasek had not planted any device in his Jeep — they just hacked into the system that was already there.
As Andy Greenberg drove his Jeep at 110 kilometres per hour on a highway near St Louis, they successively hacked into his air-con, radio, windscreen wiper and washers.
And then, from their basement, Miller and Valasek switched off both the electronically controlled gearbox, and his accelerator. Unfortunately, there was no convenient lane at the side of the road for him to pull over on, and the road began to climb — and a huge 18-wheel semi-trailer began looming suddenly larger in his rear-view mirror.
Greenberg took the sensible way out — he rang Miller and Valasek and asked them to give him back control of his car. They did.
They hadn’t run through their full range of hacks — which include killing the engine, and either fully engaging or totally disabling the brakes. So after they gave him back temporary control of his car, they finished off by disabling his brakes, which meant that he ended up running off the road and coming to an unexpected stop in a ditch.
But besides obviously taking over the car’s brakes, accelerator and steering, they could also surreptitiously do surveillance. Our hackers, could, via the flaws in the Chrysler Uconnect software, target the coordinates of most Chrysler vehicles, measure their speed, and even see the car’s vehicle identification number and IP address.
From anywhere in the world, they could snoop in on a Jeep Cherokee in California, a Dodge Durango in Michigan, and a Dodge Ram in Texas. All of these unsuspecting cars were totally susceptible to the same degree of remote and anonymous attack.
The fundamental problem is that very few of the software systems that control the cars’ computers have been designed from the ground up with security in mind.
They should be designed initially to reduce the number of potential attack or entry points, as well as have to undergo testing by an independent third party.
Furthermore, there should be inherent internal monitoring systems (in case anything goes crazy), and the fundamental design should incorporate separated or segmented architecture. This would mean that any successful attack would be limited to a small area, rather than give total and unfettered access to everything.
And finally, the car companies should put out regular security updates, like the ones you get for your computer.
We are moving from the internet of information to the internet of things. Cars, fridges, stoves, rice cookers — they are all increasingly being connected to the internet. Very few of them have been designed with security in mind. It’s as though they have been building houses without lockable front doors.
Indeed, just a few weeks after Miller and Valasek showed it was possible to hack cars over the internet, the American Food and Drug Administration issued a warning about certain computerized intravenous infusion systems. They could, like the Jeep, be remotely hacked. Suddenly, a hospital patient could find their dose of painkiller or antibiotic being controlled by a third party, anywhere in the world.
The dirty work of hacking has just gotten a whole lot dirtier, enabling not only cars, but human bodies, to be driven into their final ditches.
This blog first appeared on Dr Karl's Great Moments in Science
© 2016 Karl S. Kruszelnicki Pty Ltd