Hacked

27
12726
Charlie Miller (right) a security researcher at Twitter, and Chris Valasek (left), director of Vehicle Security Research at IOActive, have exposed the security vulnerabilities in automobiles by hacking into cars remotely, controlling the cars' various controls from the radio volume to the brakes. Photographed on Wednesday, July 1, 2015 in Ladue, Mo. (Photo © Whitney Curtis for WIRED.com)

Well, I told ya so.

Charlie Miller (right) a security researcher at Twitter,  and Chris Valasek (left), director of Vehicle Security Research at IOActive, have exposed the security vulnerabilities in automobiles by hacking into cars remotely, controlling the cars' various controls from the radio volume to the brakes. Photographed on Wednesday, July 1, 2015 in Ladue, Mo. (Photo © Whitney Curtis for WIRED.com)
Charlie Miller (right) a security researcher at Twitter, and Chris Valasek (left), director of Vehicle Security Research at IOActive, have exposed the security vulnerabilities in automobiles by hacking into cars remotely, controlling the cars’ various controls from the radio volume to the brakes. Photographed on Wednesday, July 1, 2015 in Ladue, Mo. (Photo © Whitney Curtis for WIRED.com)

First they hacked the Google car. Now, it appears, they – “they” being hackers – could, in principle at least, take over half-a-million Jeeps (and other Fiat-Chrysler vehicles) equipped with in-car WiFi.

They’ve already done so in fact with one.

According to a report just published on wired.com a guy lost control of his new Jeep Cherokee when someone – using a laptop and sail fawn – hooked in to the vehicle’s systems and began to root around in its electronic guts, kind of like that scene in the classic William Shatner episode of Twilight Zone.

There’s …something on the wing!

Only this time, there really was.

Under the hood, anyhow.

The hackers began by “adjusting” the AC. Next, they cycled the wipers. Then – according to the article – the hackers actually transmitted images of themselves over the Jeep’s LCD display, laughing at the no-longer-driver of the Jeep before disabling the vehicle’s brakes, leaving the no-longer-driver frantically pumping and getting nothing. He ended up in a ditch.

How – as they say in Russia – is possible?

Here’s how:

First, realize that your car is a computer as much as a car. Actually, it is a computer that controls a car. Everything mechanical is supervised – controlled – by the computer. This includes the engine, transmission and brakes. You may be under the impression that when you move the gear selector from Park to Drive, for instance, you are physically controlling the action. And also when you push on the gas pedal.hacked Jeep 3

Which you may assume is physically connected to the engine.

Uh, nope. Not anymore. Not in most new (and recent model) cars. Which are controlled via drive-by-wire. Electronics. Sensors and actuators. Not cables and rods.

This is done for several reasons, including ease of assembly at the factory (plug-in components rather than cables and rods that have to be adjusted) as well as consistency (it’s hard to make a throttle cable feel exactly the same in 10,000 cars… while it’s a snap to do that with drive-by-wire). Consistency is also critical in these days of government micromanagement of the car industry. Even minor variations in, for instance, idle RPM can affect mileage and emissions. Not hugely, but that’s not relevant. Even fractional differences can be all the difference when it comes to what comes out of the car’s tailpipe – and its Corporate Average Fuel Economy (CAFE) numbers.

So, we have drive-by-wire.

Your car’s brakes, meanwhile, have ABS – and the ABS is a critical element of the stability control system as well as the becoming-common “adaptive” cruise control and automatic collision avoidance systems that a growing roster of new cars either come standard with or offer as optional equipment.hacked Jeep 2

Even the steering in a number of new cars is controlled to some extent – cue Dr. Strangelove – by the komputer. (See, for instance, the automated parallel parking systems available in a number of them. The car steers itself into the spot.)

And computers can be controlled by someone else.

In exactly the same way a virus can be transmitted over the ether and into your desktop PC, or hackers can tap into your PC without ever physically breaching your home, you car can now be accessed – and controlled.

It’s not just theoretical. And it’s not just Fiat-Chrysler vehicles, either. Other cars – including GM and Audi cars, to name at least two – also offer in-car/take-it-with-you WiFi. Meaning you – and your passengers – can get online in the car. Instead of searching for a Starbucks, you can fire up the laptop at a nice overlook – or at a tailgate party. The WiFi works within a certain radius outside the car, too.

And more than just your Pandora song list can leach into the car this way – as the Jeep driver discovered.

It’s not just cars, either. The FBI reported that a hacker managed to access a commercial jet’s flight controls – which are “fly-by-wire” in the latest generation jets.

Now, the Jeep Incident was planned. Wired.com writer Andy Greenberg worked with professional hackers to see whether it could be done.

They succeeded. Which means other, not-so-professional hackers could succeed, too.

That’s the take-away point here.

And there’s more to it than just over-riding the car’s controls. The car (meaning you) can also easily be tracked – and conversations within the car monitored and recorded, all without the knowledge – much less consent – of the car’s owner and his passengers. It’s not just a creepy idea. It’s a certifiable fact. hacked four

Many new cars come equipped with microphones – a key component of the voice command (you can instruct the car to do various things, such as call someone) systems now common in new cars. They’re tied into Bluetooth wireless or some equivalent.

Those wireless signals can be hijacked (or tapped into).

It is absolutely the case that someone could be watching you – and more – in almost any new car.

And probably is – whether you realize it or not.

True story: Several years ago, I was driving a new Cadillac press car loaner equipped (as all GM cars are) with OnStar. Being a conscientious automotive journalist, I was evaluating the Caddy’s lateral grip capabilities. In mid-corner, wheels cocked and the Caddy’s ass end hanging out, a woman’s voice erupted from the dashboard – asking whether I needed emergency services. OnStar had registered excessive G forces and narced me out to the GM version of Big Brother. Well, Big Sister, in this case.

I told the woman – once I’d recovered (and managed to maintain control of the car, after what amounted to an unexpected auditory Tazering) that, no, I was fine. But the experience shook me. Because at that moment, I knew I was not alone – even though there was no one in the car but me.Arnoold

That was about five years ago.

Back then, all they could do was monitor you. Now – courtesy of integrated drive-by-wire control of pretty much everything in the car and the ubiquity of Bluetooth wireless and (soon) in-car WiFi access, the car can by physically controlled, too.

It’s a Terminator scenario. Only it’s not the machines who are in control.

It’s just not you that’s in control.

If you value independent media, please support independent media. We depend on you to keep the wheels turning! 

Our donate button is here.

 If you prefer to avoid PayPal, our mailing address is:

EPautos
721 Hummingbird Lane SE
Copper Hill, VA 24079

PS: EPautos stickers are free to those who sign up for a $5 or more monthly recurring donation to support EPautos, or for a one-time donation of $10 or more. (Please be sure to tell us you want a sticker – and also, provide an address, so we know where to mail the thing!)EPautoslogo

     

27 COMMENTS

  1. That thing with the aircraft is rubbish. It’s not physically possible. The aircraft flight controls are not fly-by-wire in the sense of using a wifi network. There *is* no wifi network within the aircraft for anything other than the entertainment system, and that has nothing–zero–to do with the FADEC computer that controls the engines or the flight control computers or the fuel system or anything else. It’s all hard-wired computer control–not a network–and there is no way to hack into it. None. Yeah, it’s electrics and cables and computers, but not *networks* or anything other than a self-contained system. Maintenance has to physically plug equipment in to the panels to upload the current database for the flight management computer (the nav computer), too. I’ve never watched them do it, but it’s a physical transfer of…stuff. Electrons. It has to be done by a physical cable. And I don’t know if you noticed, but that story disappeared almost immediately after the media hyperventilated about it for two days. Because why? Because there’s nothing there. That hacker might have gotten into the entertainment system, but whether Delta can show Flashdance or not going westbound has nothing to do with what the engines are doing.

  2. This and the Michael Hastings case only prove that today’s’ cars CAN be remote controlled. This is reasonable. But I can’t think of one sane and rational reason why a manufacturer would design that capability into their cars. It would expose them to enormous liabilities. I’m ruling out engineering stupidity. They would have to intentionally design a pathway from WiFi to to the onboard controllers.

    In the interest of disclosure, I’m waiting for delivery of an Audi with WiFi. It does 0-60 in four seconds for getting around clovers.

    • Mea culpa! I didn’t grasp the Fiat-Chrysler fiasco when I wrote the above post. I retract what I said about engineering stupidity. Fiat-Chrysler is issuing a massive recall. It would be fatal to any auto manufacturer who gets a reputation for selling hackable cars.

      • Ray, I think Chyrslers electronics on trucks is going to bite them in the behind. I was driving a 2012 550 Sat. on a hotshot run, just out of the shop for low power. The guy who normally drives it said they helped the power quite a bit. I take off and it’s not doing much. It finally picks up and goes on and runs well but then suffers from something that makes it lose power again. The lights for brakes, engine and airbag come on and the cruise won’t work. On a 200 mile + run one way, it wouldn’t run over 70 at one time and would then run anywhere from decent to good. It also would overheat and then run normally after I let off for a few miles and return to running normally with my foot hard in it. That truck has a new radiator, cooling fan system and lots of sensors on it, been in the shop many times since new. I got to the other shop and the owner there told me all he had that age or newer did the same thing, said he was going back to Chevy. Meanwhile another company owner bought nothing but GM’s, Duramax’s and has no problem.

        Another problem is that one of the Dodge’s need a part that the dealer said was afermarket and they didn’t have. He has 12 others just like it with the same part all bought at the same dealer so he’s pissed about that too.

        I’ve seen Chrysler do some really stupid things so I put nothing past them. I’ve had 3 of their diesels stop responding to the foot feed and just idle. Cycle it five times and that generally fixes it but eventually parts have to be replaced and they will begin doing it again after several thousand miles.

  3. Fiat/Chrysler is recalling over this and basically admitting it’s a problem and can be fixed. Most of the cops around here drive Chargers which are covered in the recall.(I see a movie script).

    As far as the reporter that was killed in LA, it was Michael Hastings. Who had just busted Gen. Stanley McChrystal in Rolling Stone. There have been some to investigate the odd circumstances surrounding his death but, it’s been labeled “conspiracy theory” so there must be nothing to see here…move along.

    https://en.wikipedia.org/wiki/Michael_Hastings_(journalist)

  4. The response to these types of issues should be to flip the problems back toward those responsible for creating them, and to stream it live on-line at various sites open to the public! This is exactly what I would do if I were tech savy enough! If I had hacking abilities, I would try to do the following:
    1. Eavesdroppers want to spy on our conversations? Turn on the microphones in the cars and cell phones of the politicians, judges, cops, members of the Bilderburgers, etc.
    2. Insurance companies want to monitor and control our driving habits? First, monitor their own driving habits and make that available live to the public for a week or two, then govern their cars speed to 5 mph below the highway speed limit of the state that they are living in.
    3. Big business wants to collect our shopping preferences and data, and then sell the info to others? Do likewise to each of them.
    I could go on and on. It is my belief that when things that are undesirable to the common people get flipped back into the faces of the antagonizers, they will be forced to end them.

  5. Same-old same-old passivity. The comments made here well reflect the motoring public: adapt, live with, whine about these gadgets complicating our lives for little or no benefit. Just don’t demand that the half-wits designing cars actually go back to older, better systems. Don’t keep your cars more than a few years because, dear Lord, you’d have to drive a 2004 something or other otherwise.

    Skynet doesn’t have to ship Terminators back and forth through time. Just dangle a digital bauble in front of the consumers’ eyes, and they’ll be submissive little pets in no time.

    • Hi Ross,

      I’m not passive. I’m not buying in, anyhow. The problem – for me and you – is that because most people are passive and do buy in (especially with regard to electronics) we’re carried along, as if caught in a ripe tide.

      For instance, I don’t have a cell phone. But literally everyone I know does.

      In the near future, land lines will probably go away because of this – and if I want to be able to make a call at all, I will likely have to get a cell phone.

      • eric, that brings up a subject I’ve thought a great deal about but haven’t remembered to ak when with an attorney how they really feel about it, but every one of them I’ve been around uses a corded landline phone.

        I realize privacy took a great hit when Ma Bell first started installing those high-tech instruments for people who could afford them.

        I’ll get back to you on this one since I’ll probably be seeing one in the near future.

      • Sorry if I seemed to imply that you were passive in the face of invasive technology; I know you aren’t, and was referring to the commenters who seemed to have simply accepted the way things are.

        I fight back as best I can. Just bought another Geo Metro with body in decent shape (tin being the most important factor in Geos these days) that I hope to maintain and drive until they take my license away. I’ve got my big, old Dodges still, which I admittedly try not to drive too much because of their Saudi-supporting gas-guzzling. What people will put up with for the sake of alleged convenience!

  6. The “key” to solving this “problem” is to divorce the engine controls and all other related vehicle management (process) controls from the “entertainment” bus. Having designed many process control networks, we NEVER allow the business (entertainment) network to interface with the process control network. Keep these two systems completely separate…

  7. This story is very fishy. For one thing the hackers did the same thing last year, promising to reveal how they pulled it off at the Black Hat conference (which they are promising to do this year, the story was timed for the event). But their presentation was short on substance and mostly a lot of what-if hand waving.

    The media has been portraying this as a brand-new off the lot vehicle. My guess is that they uploaded custom firmware and/or installed a hardware device on the OBD2 port. Mr. Greenberg might have been given the story because he promised not to divulge the trick, or at least he didn’t bother with more than a cursory glance at the vehicle before getting in. Either way, since it was yet another “BOO SCARY TECHNOLOGY” story, the press ate it up and regurgitated it without question.

    • The trick is they had the IP number. This doesn’t work without the IP number and there is no way to obtain it directly without an inside track. However that’s just security through obscurity.

  8. The problem is that the car, well part of it, is on the internet. It has an IP address because Chrysler designed it that way. And that the part of the car that is on the internet is also on the car’s private network.

    What they did is get a hold of the infotainment system because it was on the internet and then because the infotainment system is on the car’s network use it to take over other functions. In aircraft I’ve read that the infotainment system is on the plane’s network and get this, the hardware for the infotainment system is under the seats. One man demonstrated that it could be exploited to take over the flight controls. Just stupid design.

    The problem is that mission critical stuff is networked to vulnerable hardware that is not. Vehicles should not be externally accessible. Flight controls should not be networked to hardware in the passenger compartment. It’s dimwitted design.

    Any sci-fi fan should know that in the remake the BattleStar Galactica survived because it was not networked.

    • See my comment above. There was no FAA report filed by the pilots of that alleged plane, nothing other than a news piece. No one has recreated the situation, in fact no one has even verified there’s a USB port underneath airline seats.

      All these “hacking” stories should be taken with a grain of salt. I don’t know of any mainstream or 24/7 news cycle reporter who knows anything at all about technology, and every one of the “experts” the wheel out when one of these incidents happen is a so-called security expert who does nothing other than speculate. Why aren’t they getting someone on the phone at Boeing? What about the subcontractor who built the entertainment system? Oh, because they don’t have any contacts at either company other than the PR Newswire…

      • Hi Eric,

        I can speak to the following – because I’ve actually experienced it; actually seen it done:

        GM/OnStar can absolutely monitor a vehicle equipped with OnStar’s speed and location in real time – and take control of it remotely (including shutting its engine down).

        Given drive-by-wire control of throttle, transmission and braking and given these controls are networked (WiFi, Bluetooth) I see no technical reason why such things as acceleration, braking and even steering could not also be controlled similarly.

        • Seems this scenario is likely what happened to the late model ho hum Mercedes sedan that wildly accelerated and crashed with a HUGE (far too huge) explosion into a line of trees in the boulevard divider somewhere in Los Angeles or Hollywood. Seems the poor sap who thought HE was in control of the car was a reporter or investigator who had just days prior gotten into some damning evidence and information on a case, and SOMEONE did not waht his newfound information getting public…. it did not, thanks to the crash. Many unexplained details of that crash have come public, and it strongly appears the car’s onboard electronics were commandoed by those who wanted the driver rather on the quiet side of things.

          • Oh, but anyone who threw out that scenario was immediately labeled a crackpot cook. Now the MSM is all-in on remote takeover of automobiles.

            Just because the narrative fits your worldview doesn’t mean it’s right. (something I have to remind myself of every day, mostly when I read the front page of LewRockwell.com).

    • Don’t even need that disaster of BSG …
      Terminator used similar means more than once (networks, hacking.)
      War Games.
      Star Wars (Why they use multiple Droids instead of networked on-ship computers: They lost a FLEET when the AI went crazy and went into deep space.)

      And who has actually had to work with networks here? Even without hackers and with hardware meant to work together, sometimes it’s just hours of testing, trying, fiddling, re-building, changing settings, changing drivers, updating security, re-starting the machine, re-imaging the hard drive, and finally throwing the machine down an elevator shaft because it’s NFG, no matter what.
      And I did that stuff when I could still make actual CHANGES to the machine (E.G., physical switches to make changes, and manuals on the motherboard settings, and Admin rights to the machine that actually mean, “You can change ANYTHING.” These days, it’s all software + “Plug and Pray” – the techies call it “Plug and Play,” but they can’t find their @$$ with both hands and a set of directions. And don’t know what a DIP switch is, nor can they read a manual. They’re ready for that self-driving car, because they can’t drive an Auto, let alone a stick, let alone “three on the tree,” but they think they’re techno-gods… Until they run into someone who DOES know their shit, and then … Well, they know it’s “Game Over,” when you explain what MTBFs are, and how they are arrived at, and how IDE works, and the differences between EISA and ISA and PCA and Rambus and PCA+ are… And explain that on that motherboard, you need to change these two interrupts, because factory default settings has the two slots you MUST use for the Ethernet and USB cards all f’ed up, because Sum Dim Fuck can’t read Chinese, let alone Engrish… It’s comic, in a sense, when they realize what they stepped in… Like an immature baboon punching a Silverback, and the Silverback picks him up by one foot and uses him as a speed bag… 😀 “OhShitShouldn’tHaveDoneThat!”

  9. eric, I’d think you would recall back when the Corvette first got DBW. Everyone testing them couldn’t get good acceleration times because of lag. Seems like some other cars experienced this too.

    I can tell you from experience Dodge pickups are bad about not working at all. Hit the gas and it idles. I’ve driven 3 so far to do this, all diesels. One was bad about a momentary surge and then idle. When it’s a one ton loaded down with a trailer and full of people, it gets dicey when it surges and sends you about to the middle of a two lane road and then goes to idle where you’re sitting, not being able to pull the trailer up on the road and fast traffic is approaching from both directions. I finally found out you could cycle the ignition 5 times and it would reset. The shop mechanic was driving with me shotgun and this pickup did that. He said WTF? I figures he knew since he had one identical to the one we were in. I told him the old cycle trick and away we went. Seems like it always happens at a really bad time though.

  10. chip, BTDT with the brakes. My anti-lock brakes didn’t work as in didn’t let me brake enough so I totaled two pickups. I only needed another 10 feet or so to stop and could have stopped way back if they hadn’t fought me. No computer, just the old style anti-locks, all mechanical. Of course they do have some sort of electrical sensor but it didn’t dawn on me why I couldn’t stop. It was sort of an emergency stop in that I needed to slam on the brakes and stop quickly which they had always done to that point. A couple years later they did it again and I went through an intersection, no wreck this time. But this time they were pulsing like crazy with a loaded trailer behind me. I pulled to the side and disconnected the connection to the anti-lock thingamajig. It would lock the tires easily after that. Pickup was much better in slick conditions without them. I wish you could disconnect all of them since going downhill on a slick surface can have you just keep on going. They’ll get you into trouble in mud or silt, anything that will let the vehicle move and the tire not roll.

    • The Mercedes ML-320 I used to have would change the ABS program when you were in low range. They knew that if you were in the lower range, you were probably off road and on a slick surface like gravel or mud, so you’d benefit from a longer ABS cycle time that would permit a mound of dirt to build up in front of the wheel, helping you stop. It was one of the few things on the vehicle that didn’t break…

      The problem today is that few SUVs/CUVs have a low range so they have no way of knowing that you’re on gravel. So you’re more likely to drive into that fence or tree line because the ABS won’t let you stop. The exceptions are vehicles like the Land Rover and Ford Explorer that have a terrain setting knob. But I haven’t heard any of them talk about how the different settings change the ABS behavior.

      • The company pickup I drive is an ’05 2500 HD 4WD and the front brakes go crazy in the slick on it. i get the feeling it needs parts and probably a bunch of em. But even if it operated like that new, there should be an off switch on a pickup, esp. an HD 4WD.

        I noticed new GM pickups had the trailer brake control built in and self adjusting for traction, conditions, yada yada yada but no manual control I could see(although there could be). Many times I’ve reached down and moved the trailer brake to maximum or close so the trailer didn’t push me down a hill and could use the pickup for direction control.

        Some things shouldn’t be automatic. First thing I do is adjust my prebrake pressure when pulling a trailer.

  11. I’ve been thinking about how they could have affected the brakes. Unlike the gas pedal, it’s connected directly to the master cylinder, and via the hydraulic lines, to the brake calipers. There is a vacuum assist involved, but if that goes out you can still stop the car by pressing harder (which you’re probably doing anyway, in a panic stop).

    But what can prevent the brakes from activating fully is the ABS pump. It’s job is to OPEN the brake calipers, so you can regain steering control in a slide. So if they commanded the ABS pump to run continuously, the stopping distance could be lengthened significantly. As in: you’d have better results if you downshifted progressively to 1st, and then turned the key to the “accessory” position.

    But what really baked my cookies about this story was that they were doing this on a public road, with other drivers on it.

LEAVE A REPLY

Please enter your comment!
Please enter your name here