It’s a good thing cars can’t experience emotions or one specific 2014 Jeep Cherokee would be terrified every time security pros Charlie Miller and Chris Valasek come near it. That’s the vehicle they remotely hacked in 2015; now they used the Jeep to show how an attacker can control the steering, accelerator and brakes while the Jeep is driving at high speeds.
Granted, this time they were in the vehicle with a laptop physically connected to the CAN network via the diagnostic port. They reverse-engineered the electronic control unit (ECU) firmware, basically knocking it offline, so they could send fake CAN messages to tell the car what to do, such as slam on the brakes, jerk the steering wheel or hit the gas.
Even the most distracted driver could not help but notice a stranger in their vehicle in order to pull off the latest attacks. However, when The Register’s Darren Pauli asked if the hack could be done remotely, such as by an attacker concealing a device for automated or remote attacks via a wireless link, Miller said, “Most definitely.”
The car hackers took the Jeep out in the sticks to try out the attacks. In one attack, they whipped the steering wheel 90 degrees while the Jeep was driving at 60 mph.
To hammer the point home, Valasek told Wired’s Andy Greenburg, “Imagine last year if instead of cutting the transmission on the highway, we’d turned the wheel 180 degrees. You wouldn’t be on the phone with us. You’d be dead.”
In another test on a remote road that yanked the steering wheel, the Jeep ended up stuck in a muddy ditch. They told Dark Reading’s Kelly Jackson Higgins that a crop-duster spotted the disabled Jeep and called the cops, but a pickup driver stopped to help them. Valasek, who had been driving, said, “Charlie was running [the attack] in the backseat, and we curved and hit the ditch and couldn’t get out because it was super-muddy.”
But the attacks work on more than steering; an attack could control both the acceleration and brake pedals. Miller told Dark Reading:
“We can permanently lock the electronic parking brake so it’s permanently immobilized. Even if you restarted the car, the parking brake would be on and you would not be able to drive anywhere. We disabled all aspects of steering, so it’s super-hard to turn the wheel and even harder if you drive the car without steering [capability] … at any speed.”
This is the same Jeep that was patched to protect it from remote attacks via the infotaiment system. Miller and Valasek recommend auto manufacturers start battening down the security hatches on CAN buses.
On Thursday, the car hacking duo will present Advanced CAN Injection Techniques for Vehicle Networks at the Black Hat conference. The presentation will detail the techniques used in the hacks. They also have developed an anti-intrusion system capable of detecting the attacks.