The next time you’re buckled in behind the wheel, you may want to ask yourself: Am I really in control?
Two computer hackers have spent the past year cracking the digital defenses of Internet-connected vehicles. And what they’ve discovered is disturbing.
Charlie Miller, a security engineer at Twitter (TWTR), and Chris Valasek, director of vehicle safety research at the cybersecurity firm IOActive, can take over certain vulnerable automobiles with ease. The pair recently demonstrated their abilities on a Jeep Cherokee, remotely hacking into the highway-cruising vehicle from miles away, as Wired reported.
“Their code is an automaker’s nightmare,” wrote Wired reporter Andy Greenberg, who intrepidly volunteered to serve as a crash test dummy for the hacker duo. “Software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.”
The remote attack could be used to compromise as many as 471,000 vehicles on the road today, the team estimates.
Miller and Valasek plan to reveal more information about how they pulled off the Jeep stunt at the Black Hat conference next month. In the meantime, all they’ve said is that the trick involves using a cellular connection to break into the car’s entertainment system through a feature called UConnect. From there, they’re able to move laterally into other electronic parts of the vehicle, such as the air conditioning, transmission, and even the car’s steering controls.
Despite the security risks, automakers are more determined than ever to win the connected car race, and to turn their vehicles into computers. (And the reverse: Apple (AAPL) trying to turn its computers into cars.) Recently, a dozen of the top companies such as Ford and General Motors (GM) joined a coalition to share security data to protect their latest innovations from compromise.
In these early days, though, it seems the hackers have an edge. Watch the hackers’ antics in Wired’s video here.