If you think that the idea of a car getting hacked remotely via internet, without the hacker even requiring to make any physical contact with the machine is too far removed from reality, you should probably have, well, a reality check. The feat has been accomplished recently, and is a precursor to the horrors of AI taking control of machines, predicted by luminaries such as Steve Wozniak, Bill Gates and Stephen Hawking. The hack can be performed using a security loophole in thousands of FCA’s (Fiat Chrysler Automobiles) vehicles running the Uconnect internet enabled software. Once the hackers knock the front door open, they can remotely control the car, even with a driver behind the wheel.
The issue was brought to fore by a report on the noted technology site Wired, whose senior correspondent Andy Greenberg was hacked remotely, with his permission by Charlie Miller and Chris Valasek, two security researchers. The duo has previously demonstrated how a car can be hacked by taking control of car models such as the Toyota Prius and a Ford Escape.
All images – courtesy Wired
The Jeep Cherokee which was used as the test vehicle for the experiment is just one of the hundreds of thousands of FCA cars running on public roads with the security loophole. The hackers managed to take control of the system, being able to manipulate functions as critical as engine revs and braking from their laptop, from a remote location. During the demonstration the hackers first played around with the AC temperature and wind blast, switched the radio stations, turned up the volume, brought on the windshield wipers with the wiper fluid getting constantly sprayed on the screen before disabling the engine and brakes, and crashing the car into a ditch. All this while, the driver wasn’t able to do anything to salvage the situation despite fiddling around as much as he willed with the physical controls. The most amazing thing about this entire experiment as we mentioned earlier, is that the hackers never had to even make a physical contact with the car before achieving such critical control.
The FCA group, with some assistance from the hacker duo in question have now released a patch to fix the problem. The update requires the users to physically insert a USB drive into the car’s USB socket and update the firmware. The car owners can perform the security update manually by downloading the software from the company’s website, or have it done through the dealerships.
With hundreds of thousands of cars with the compromised Uconnect system, however, it can be safely assumed that not all cars will be patched with the security update, still leaving thousands of cars vulnerable to an attack by the hackers in the know. Charlie Miller and Chris Valasek, the hacker duo who demonstrated the security loophole, however, claim that it’s not as easy as it sounds. It took the security engineers months of hard work to crack the vault, and they aren’t giving away any of the details to make it easy for those with ill-intentions.
The entire episode, however, makes it abundantly clear as to how vulnerable the software driven systems are to attacks by hackers.
Coming back to where we started off from, does it still appear too difficult for you to see a Genisys-style software entity crashing your car into a tree just for fun? Driverless cars, anyone?
Check out this video detailing how the security loophole was brought to fore