Two security researchers have found a vulnerability in Chrysler cars that allows them to hack into them from miles away, allowing them to control a variety of the car’s controls including shutting off the brakes, Wired reports.
The two hackers, Charlie Miller and Chris Valasek, were able to gain access to a car in 2013 by having their computers physically connected to the dashboard, but in this latest experiment, they were able to control a car remotely.
Miller and Valasek found a vulnerability in Chrysler’s “Uconnect” system. Uconnect which is in hundreds of thousands of Fiat Chrysler cars is designed for the user to control their entertainment system, offers a Wi-Fi hotspot, and is used to make phone calls through. After gaining access through Uconnect, the hackers were able to rewrite the firmware in a chip in the car’s head unit that controls physical components such as the engine, around 471,000 vehicles have vulnerable Uconnect systems Miller estimates.
They tested out their methods with Wired writer Andy Greenberg behind the wheel of a Jeep Cherokee, and from the comfort of their living room they were able to shut off his transmission while he was on the highway. They plan to reveal a portion of their exploit at an upcoming conference for hackers in Las Vegas. The parts they won’t reveal will still be possible to reverse engineer in a matter of months, this does not make Chrysler happy.
In a statement provided to Wired, Fiat Chrysler Automotive said, “Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems.”
Miller and Valasek have been sharing their research with Chrysler, allowing them to release an update that protects against this sort of attack. The update, though, must installed physically through a USB or an automotive dealer, which leads to many believe that thousands of cars will remain vulnerable.
This hasn’t been the first time a car or even a plane has been hacked remotely. these developments have led Democratic Sens. Ed Markey of Massachusetts and Richard Blumenthal of New York to introduce legislation aimed to bolster car defenses against unwanted infiltration.
A Markey spokesperson told Wired the bill would force National Highway Safety and Transportation Administration and the Federal Trade Commission to work together to create required standards for automakers that would help protect cars from hackers. Interestingly, it would put the government in control of preventing the hacking, even though the government was recently hacked as well. (RELATED: The True Impact Of The Chinese OPM Hack Is Only Just Now Being Realized)