Hackers play havoc with brakes, acceleration of Jeep Cherokee
Staged demo for Wired journalist shows wireless compromise of critical systems
The safety of smart technology in commercial road vehicles was called into question this week after two US hackers demonstrated a zero-day exploit that allowed them to take control of the brakes and acceleration of a Jeep Cherokee.
Wired journalist Andy Greenberg played the role of guinea pig in the demo by Charlie Miller and Chris Valasek, who accessed the vehicle's "dashboard functions, steering, brakes, and transmission" while sitting in Miller's house 10 miles away.
According to Greenberg, the pair played with the windscreen wipers, stereo and air-conditioning before slowing the vehicle "to a crawl", while he drove along a crowded freeway in St Louis, Missouri.
The test continued in a more isolated area, where Miller and Valasek performed manoeuvres such as killing the engine and cutting off control of the brakes.
Greenberg noted that this was the second experiment by the duo in which he had participated. In 2013 he drove a Ford Escape and a Toyota Prius around a South Bend, Indiana, and Miller and Valasek played similar pranks. However, the 2013 demo required initially hooking up a PC to the target vehicles' onboard diagnostic port, but Greenberg claims this week's stunt was entirely wireless.
Miller and Valasek are now working on perfecting their steering control (they currently can only steer when the vehicle is traveling in reverse) in preparation for a presentation at next month's Black Hat conference in Las Vegas, Nevada.
Mechanical control is only part of what Miller and Valasek are able to do with the exploit. It can also be used for vehicle surveillance.
"They can track a targeted Jeep's GPS coordinates, measure its speed, and even drop pins on a map to trace its route," Greenberg reported.