Hacked
by eric •
Charlie
Miller (right) a security researcher at Twitter, and Chris Valasek
(left), director of Vehicle Security Research at IOActive, have exposed
the security vulnerabilities in automobiles by hacking into cars
remotely, controlling the cars’ various controls from the radio volume
to the brakes. Photographed on Wednesday, July 1, 2015 in Ladue, Mo.
(Photo © Whitney Curtis for WIRED.com)
They’ve already done so in fact with one.
According to a report just published on wired.com a guy lost control of his new Jeep Cherokee when someone – using a laptop and sail fawn – hooked in to the vehicle’s systems and began to root around in its electronic guts, kind of like that scene in the classic William Shatner episode of Twilight Zone.
There’s …something on the wing!
Only this time, there really was.
Under the hood, anyhow.
The hackers began by “adjusting” the AC. Next, they cycled the wipers. Then – according to the article – the hackers actually transmitted images of themselves over the Jeep’s LCD display, laughing at the no-longer-driver of the Jeep before disabling the vehicle’s brakes, leaving the no-longer-driver frantically pumping and getting nothing. He ended up in a ditch.
How – as they say in Russia – is possible?
Here’s how:
First, realize that your car is a computer as much as a car. Actually, it is a computer that controls a car. Everything mechanical is supervised – controlled – by the computer. This includes the engine, transmission and brakes. You may be under the impression that when you move the gear selector from Park to Drive, for instance, you are physically controlling the action. And also when you push on the gas pedal.
Which you may assume is physically connected to the engine.
Uh, nope. Not anymore. Not in most new (and recent model) cars. Which are controlled via drive-by-wire. Electronics. Sensors and actuators. Not cables and rods.
This is done for several reasons, including ease of assembly at the factory (plug-in components rather than cables and rods that have to be adjusted) as well as consistency (it’s hard to make a throttle cable feel exactly the same in 10,000 cars… while it’s a snap to do that with drive-by-wire). Consistency is also critical in these days of government micromanagement of the car industry. Even minor variations in, for instance, idle RPM can affect mileage and emissions. Not hugely, but that’s not relevant. Even fractional differences can be all the difference when it comes to what comes out of the car’s tailpipe – and its Corporate Average Fuel Economy (CAFE) numbers.
So, we have drive-by-wire.
Your car’s brakes, meanwhile, have ABS – and the ABS is a critical element of the stability control system as well as the becoming-common “adaptive” cruise control and automatic collision avoidance systems that a growing roster of new cars either come standard with or offer as optional equipment.
Even the steering in a number of new cars is controlled to some extent – cue Dr. Strangelove – by the komputer. (See, for instance, the automated parallel parking systems available in a number of them. The car steers itself into the spot.)
And computers can be controlled by someone else.
In exactly the same way a virus can be transmitted over the ether and into your desktop PC, or hackers can tap into your PC without ever physically breaching your home, you car can now be accessed – and controlled.
It’s not just theoretical. And it’s not just Fiat-Chrysler vehicles, either. Other cars – including GM and Audi cars, to name at least two – also offer in-car/take-it-with-you WiFi. Meaning you – and your passengers – can get online in the car. Instead of searching for a Starbucks, you can fire up the laptop at a nice overlook – or at a tailgate party. The WiFi works within a certain radius outside the car, too.
And more than just your Pandora song list can leach into the car this way – as the Jeep driver discovered.
It’s not just cars, either. The FBI reported that a hacker managed to access a commercial jet’s flight controls – which are “fly-by-wire” in the latest generation jets.
Now, the Jeep Incident was planned. Wired.com writer Andy Greenberg worked with professional hackers to see whether it could be done.
They succeeded. Which means other, not-so-professional hackers could succeed, too.
That’s the take-away point here.
And there’s more to it than just over-riding the car’s controls. The car (meaning you) can also easily be tracked – and conversations within the car monitored and recorded, all without the knowledge – much less consent – of the car’s owner and his passengers. It’s not just a creepy idea. It’s a certifiable fact.
Many new cars come equipped with microphones – a key component of the voice command (you can instruct the car to do various things, such as call someone) systems now common in new cars. They’re tied into Bluetooth wireless or some equivalent.
Those wireless signals can be hijacked (or tapped into).
It is absolutely the case that someone could be watching you – and more – in almost any new car.
And probably is – whether you realize it or not.
True story: Several years ago, I was driving a new Cadillac press car loaner equipped (as all GM cars are) with OnStar. Being a conscientious automotive journalist, I was evaluating the Caddy’s lateral grip capabilities. In mid-corner, wheels cocked and the Caddy’s ass end hanging out, a woman’s voice erupted from the dashboard – asking whether I needed emergency services. OnStar had registered excessive G forces and narced me out to the GM version of Big Brother. Well, Big Sister, in this case.
I told the woman – once I’d recovered (and managed to maintain control of the car, after what amounted to an unexpected auditory Tazering) that, no, I was fine. But the experience shook me. Because at that moment, I knew I was not alone – even though there was no one in the car but me.
That was about five years ago.
Back then, all they could do was monitor you. Now – courtesy of integrated drive-by-wire control of pretty much everything in the car and the ubiquity of Bluetooth wireless and (soon) in-car WiFi access, the car can by physically controlled, too.
It’s a Terminator scenario. Only it’s not the machines who are in control.
It’s just not you that’s in control.
If you value independent media, please support independent media. We depend on you to keep the wheels turning!
Our donate button is here.If you prefer to avoid PayPal, our mailing address is:
EPautos
721 Hummingbird Lane SE
Copper Hill, VA 24079
PS: EPautos stickers are free to those who sign up for a $5 or more monthly recurring donation to support EPautos, or for a one-time donation of $10 or more. (Please be sure to tell us you want a sticker – and also, provide an address, so we know where to mail the thing!)
No comments:
Post a Comment