It sounds like a nightmare: You’re driving along, maybe whistling along to the radio, when suddenly the music changes and starts blasting, the car begins honking and won’t stop and the transmission cuts out. Nightmarish though that may sound, it could be a reality for drivers, after a team of hackers showed they’re able to get control of a vehicle from miles away.
Wired.com’s Andy Greenberg has a great story today of his time working with Charlie Miller and Chris Valasek, hackers who turned him into a “digital crash-test dummy” as they tested their car-hacking research. They developed a technique that can target Jeep Cherokees wirelessly and give the attacker control of any of thousands of vehicles via the Internet.
For the tests, Greenberg knew the car he was driving would be hacked, he just didn’t know when or how. The hackers — working from a laptop 10 miles away — promised not to do anything that could endanger him, however. He writes that he was going 70 mph on a highway when the team took control.
At first, they blasted him with cold air and hitched the radio’s volume up as high as it could go, and he couldn’t turn it off. The windshield wipers turned on and sent wiper fluid streaking across the glass. And then, things did get a bit scary: the transmission cut out.
Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.
After the Jeep gets stuck on an upward slope, with a semi-truck approaching it from behind, he finally called the hackers and begged them to make it stop so he could get out of that tough spot.
This kind of work is proving useful in the automotive industry, with car manufacturers and industry groups working together to create cyber defenses for commercially available vehicles. Though no instances of car hacking are known publicly, security experts and car makers have been busy conducting tests like the above to show how easily it could become a reality.
“You’re stepping into a rolling computer now,” Valasek told AP last fall.
Miller and Valasek are planning to publish some of their work on the Internet pegged to a talk they’re giving at the upcoming Black Hat security conference. Wired.com says their work on wireless hacking has inspired new legislation from senators Ed Markey and Richard Blumenthal, who introduced an automotive security bill on Tuesday to set new digital security standards for cars and trucks.
The Detroit News reports on the new Security and Privacy in Your Car, or SPY Act, which would direct the National Highway Traffic Safety Administration and the Federal Trade Commission to establish federal standards to secure cars and protect drivers’ privacy.
The SPY Act “also establishes a rating system — or ‘cyber dashboard’ — that informs consumers about how well the vehicle protects drivers’ security and privacy beyond those minimum standards,” the authors said.
“Rushing to roll out the next big thing, automakers have left cars unlocked to hackers and data trackers,” said Blumenthal. “This common-sense legislation protects the public against cybercriminals who exploit exciting advances in technology like self-driving and wireless connected cars. Federal law must provide minimum standards and safeguards that keep hackers out of drivers’ private data lanes. Security and safety need not be sacrificed for the convenience and promise of wireless progress.”
Check out the rest of Greenberg’s tale at Wired.com.