A pair of veteran cyber-security researchers have shown they can use the Internet to turn off a car’s engine as it drives, sharply escalating the stakes in the debate about the safety of increasingly connected cars and trucks.
Former National Security Agency hacker Charlie Miller, now at Twitter, and IOActive researcher Chris Valasek used a feature in the Fiat Chrysler telematics system Uconnect to break into a car being driven on the highway by a reporter for technology news site Wired.com.
In a controlled test, they turned on the Jeep Cherokee’s radio and activated other inessential features before rewriting code embedded in the entertainment system hardware to issue commands through the internal network to steering, brakes and the engine. “There are hundreds of thousands of cars that are vulnerable on the road right now,” Miller told Reuters.
Fiat Chrysler said it had issued a fix for the most serious vulnerability involved. The software patch is available for free on the company’s website and at dealerships.
“Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorised and unlawful access to vehicle systems,” the company said. It didn’t immediately answer other questions. Miller and Valasek have been probing car safety for years and have been among those warning that remote hacking was inevitable. An academic team had previously said it hacked a moving vehicle from afar but did not say how or name the manufacturer, putting less pressure on the industry.
National Highway Traffic Safety Administration chief Mark Rosekind said his agency is increasingly concerned about the security of vehicle control systems. “We know these systems will become targets of bad actors,” he told a conference on autonomous and connected vehicle technology in Ypsilanti, Mich. If consumers don’t believe that connected vehicle systems are safe and secure, he said, “they will not engage it.”
