Car Hacking: What Every Connected Driver Needs to Know
Many new cars are equipped with wireless technology that can make a driver's time on the road more stress-free and entertaining, but the technology can also bring a dark side.
Two hackers were able to take control of a connected Jeep Cherokee from their living room as a Wired reporter, who agreed to be their test case, drove the SUV down the highway at 70 mph, according to the article.
Charlie Miller and Chris Valasek, the two hacking experts behind the stunt, were able to access the SUV's Internet connected computer system and then rewrite the firmware to plant the malicious code allowing them to commandeer the vehicle, including everything from the air conditioning and music to the Jeep's steering, brakes and transmission, according to Wired.
Miller works as a security researcher at Twitter, while Valasek is the Director of Security Intelligence at IOActive, an industry leader in comprehensive computer security services.
While it may seem like an extreme case, experts say connected car drivers need to be proactive in order to ensure they don't potentially fall victim to a sophisticated hacking attack that could have the potential to cause serious human and physical damage on the road.
"In this particular case, [the hackers] have created a zero day exploit that has been undiscovered," Robert Siciliano, an online safety expert to Intel security, told ABC News. "Now, because the researchers are good guys, they have made the car makers aware of it and a patch is in the process of being deployed, but in many cases that will require effort on the part of the consumer."
Senators Edward J. Markey, D-Massachusetts, and Richard Blumenthal, D-Conn., announced new legislation this week aimed at creating federal standards for connected cars. The senators also want a ratings system established to let consumers know how well their connected car protects their security and privacy.
"Rushing to roll out the next big thing, automakers have left cars unlocked to hackers and data-trackers," Blumenthal said in a statement. "This common-sense legislation protects the public against cyber criminals who exploit exciting advances in technology like self-driving and wireless connected cars."
Fiat Chrysler, which manufactures Jeep Cherokees and other cars using the UConnect system, said in a statement the team behind the Cherokee hack had been in communication with the automaker about their work.
To the company's knowledge "there has not been a single real world incident of an unlawful or unauthorized remote hack," into any of their vehicles, the statement said.
Car owners can enter their vehicle identification number on UConnect's website to find out if they need to download an update.
If an update is needed, car owners can download the update to a USB drive and install it in a vehicle,
"FCA will be contacting potentially affected customers with these details and has provided the software update to the FCA US dealer network for immediate customer installation," the statement said.
The company said vulnerabilities have been fixed in model 2015 vehicles.
Siciliano, the online security expert, said while many connected car owners are likely to be on some sort of distribution list from their dealership, being proactive is crucial.
"Do you own due diligence," he said. "Do some research now to make sure if there is a recall, patch you are first in line to get it."