In a great digital experiment, Wired reporter Andy Greenberg played the roll of “crash-test dummy” as two hackers took him for the ride of his life in this late-model Jeep.
In the video, you’ll see just how easy it was for hackers Charlie Miller, a security engineer for Twitter, and Chris Valasek, director of vehicle safety research at Seattle-based IOActive, to take control of Greenberg’s vehicle. The pranks are simple to start — flipping on the fans and cranking the radio — but when they kill the engine, you can see Greenberg get a little bit nervous.
Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch.
It was part of a Wired experiment to see just how effective Miller and Valasek’s car-hacking abilities are, something the pair has been researching “over the past year,” according to Wired. The technique is called a “zero-day exploit,” which essentially would give hackers wireless control to “thousands” of Chrysler vehicles that have Uconnect, the car’s Wi-Fi enabled computer system connected to the Sprint network.
According to Wired, Miller has “scanned Sprint’s network multiple times for vulnerable vehicles and recorded their vehicle identification numbers. Plugging that data into an algorithm sometimes used for tagging and tracking wild animals to estimate their population size, he estimated that there are as many as 471,000 vehicles with vulnerable Uconnect systems on the road.”
Chrysler has issued a security patch for the data breach and is encouraging all owners to install the update.
That said, it shows some pretty hefty vulnerabilities in connected vehicles. Miller and Valasek will present some of the data at the Black Hat security conference in August.