Jul
2017

Hackers Remotely Kill a Jeep on the Highway–With Me in It

I was driving seventy mph on the edge of downtown St. Louis when the exploit began to take hold.

Tho’ I hadn't touched the dashboard, the vents in the Jeep Cherokee commenced blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at utter volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.

As I attempted to cope with all this, a picture of the two hackers performing these stunts appeared on the car's digital display: Charlie Miller and Chris Valasek, wearing their trademark track suits. A nice touch, I thought.

The Jeep’s strange behavior wasn’t entirely unexpected. I'd come to St. Louis to be Miller and Valasek's digital crash-test dummy, a willing subject on whom they could test the car-hacking research they'd been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker's nightmare: software that lets hackers send directions through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.

To better simulate the practice of driving a vehicle while it's being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller's laptop in his house ten miles west. Instead, they merely assured me that they wouldn't do anything life-threatening. Then they told me to drive the Jeep onto the highway. “Reminisce, Andy,” Miller had said through my iPhone's speaker just before I pulled onto the Interstate sixty four on-ramp, “no matter what happens, don't fright.” 1

As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That's when they cut the transmission.

Instantly my accelerator stopped working. As I frantically pressed the pedal and observed the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to suggest an escape. The experiment had ceased to be joy.

At that point, the interstate began to slope upward, so the Jeep lost more momentum and slightly crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver eyed me, too, and could tell I was paralyzed on the highway.

“You're fated!” Valasek shouted, but I couldn't make out his heckling over the blast of the radio, now pumping Kanye West. The semi loomed in the mirror, bearing down on my immobilized Jeep.

I followed Miller's advice: I didn't fright. I did, however, drop any semblance of bravery, grab my iPhone with a clammy knuckle, and beg the hackers to make it stop.

Wireless Carjackers

This wasn't the very first time Miller and Valasek had put me behind the wheel of a compromised car. In the summer of 2013, I drove a Ford Escape and a Toyota Prius around a South Arch, Indiana, parking lot while they sat in the backseat with their laptops, cackling as they disabled my brakes, honked the horn, jerked the seat belt, and commandeered the steering wheel . “When you lose faith that a car will do what you tell it to do,” Miller observed at the time, “it truly switches your entire view of how the thing works.” Back then, however, their hacks had a comforting limitation: The attacker's PC had been wired into the vehicles' onboard diagnostic port, a feature that normally gives repair technicians access to information about the car's electronically managed systems.

A mere two years later, that carjacking has gone wireless. Miller and Valasek plan to publish a portion of their exploit on the Internet, timed to a talk they're providing at the Black Hat security conference in Las Vegas next month. It’s the latest in a series of revelations from the two hackers that have spooked the automotive industry and even helped to inspire legislation; WIRED has learned that senators Ed Markey and Richard Blumenthal plan to introduce an automotive security bill today to set fresh digital security standards for cars and trucks, very first sparked when Markey took note of Miller and Valasek’s work in 2013.

As an auto-hacking antidote, the bill couldn’t be timelier. The attack instruments Miller and Valasek developed can remotely trigger more than the dashboard and transmission tricks they used against me on the highway. They demonstrated as much on the same day as my traumatic practice on I-64; After narrowly averting death by semi-trailer, I managed to roll the lame Jeep down an exit ramp, re-engaged the transmission by turning the ignition off and on, and found an empty lot where I could securely proceed the experiment.

Miller and Valasek’s utter arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep's brakes, leaving me frantically pumping the pedal as the 2-ton SUV slipped furiously into a ditch. The researchers say they're working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in switch sides. Their hack enables surveillance too: They can track a targeted Jeep's GPS coordinates, measure its speed, and even drop pins on a map to trace its route.

All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle's entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element, which Miller and Valasek won't identify until their Black Hat talk, Uconnect's cellular connection also lets anyone who knows the car's IP address build up access from anywhere in the country. “From an attacker's perspective, it's a super nice vulnerability,” Miller says.

From that entry point, Miller and Valasek's attack pivots to an adjacent chip in the car's head unit—the hardware for its entertainment system—silently rewriting the chip's firmware to plant their code. That rewritten firmware is capable of sending directives through the car's internal computer network, known as a CAN bus, to its physical components like the engine and wheels. Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. They've only tested their utter set of physical hacks, including ones targeting transmission and braking systems, on a Jeep Cherokee, however they believe that most of their attacks could be tweaked to work on any Chrysler vehicle with the vulnerable Uconnect head unit. They have yet to attempt remotely hacking into other makes and models of cars.

After the researchers expose the details of their work in Vegas, only two things will prevent their implement from enabling a wave of attacks on Jeeps around the world. Very first, they plan to leave out the part of the attack that rewrites the chip’s firmware; hackers following in their footsteps will have to reverse-engineer that element, a process that took Miller and Valasek months. But the code they publish will enable many of the dashboard hijinks they demonstrated on me as well as GPS tracking.

2nd, Miller and Valasek have been sharing their research with Chrysler for almost nine months, enabling the company to calmly release a patch ahead of the Black Hat conference. On July 16, owners of vehicles with the Uconnect feature were notified of the patch in a post on Chrysler's website that didn’t suggest any details or acknowledge Miller and Valasek’s research. “[Fiat Chrysler Automobiles] has a program in place to continuously test vehicles systems to identify vulnerabilities and develop solutions,” reads a statement a Chrysler spokesperson sent to WIRED. “FCA is committed to providing customers with the latest software updates to secure vehicles against any potential vulnerability.”

If consumers don't realize this is an issue, they should, and they should commence complaining to carmakers. This might be the kind of software bug most likely to kill someone.

Unluckily, Chrysler’s patch must be by hand implemented via a USB stick or by a dealership mechanic. ( Download the update here .) That means many—if not most—of the vulnerable Jeeps will likely stay vulnerable.

Chrysler stated in a response to questions from WIRED that it “appreciates” Miller and Valasek’s work. But the company also seemed leery of their decision to publish part of their exploit. “Under no circumstances does FCA condone or believe it’s adequate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to build up unauthorized and unlawful access to vehicle systems,” the company’s statement reads. “We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities. However, we caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.”

The two researchers say that even if their code makes it lighter for malicious hackers to attack unpatched Jeeps, the release is nonetheless warranted because it permits their work to be proven through peer review. It also sends a message: Automakers need to be held accountable for their vehicles' digital security. “If consumers don't realize this is an issue, they should, and they should embark complaining to carmakers,” Miller says. “This might be the kind of software bug most likely to kill someone.”

In fact, Miller and Valasek aren't the very first to hack a car over the Internet. In two thousand eleven a team of researchers from the University of Washington and the University of California at San Diego showcased that they could wirelessly disable the locks and brakes on a sedan . But those academics took a more discreet treatment, keeping the identity of the hacked car secret and sharing the details of the exploit only with carmakers.

Miller and Valasek represent the 2nd act in a good-cop/bad-cop routine. Carmakers who failed to heed polite warnings in two thousand eleven now face the possibility of a public dump of their vehicles' security flaws. The result could be product recalls or even civil suits, says UCSD computer science professor Stefan Savage, who worked on the two thousand eleven examine. “Imagine going up against a class-action lawyer after Anonymous determines it would be joy to brick all the Jeep Cherokees in California,” Savage says. Two

For the auto industry and its watchdogs, in other words, Miller and Valasek's release may be the last warning before they see a full-blown zero-day attack. “The regulators and the industry can no longer count on the idea that exploit code won't be in the wild,” Savage says. “They've been thinking it wasn't an imminent danger you needed to deal with. That implicit assumption is now dead.”

471,000 Hackable Automobiles

Sitting on a leather couch in Miller's living room as a summer storm thunders outside, the two researchers scan the Internet for victims.

Uconnect computers are linked to the Internet by Sprint's cellular network, and only other Sprint devices can talk to them. So Miller has a cheap Kyocera Android phone connected to his battered MacBook. He's using the burner phone as a Wi-Fi hot spot, scouring for targets using its lean 3G bandwidth.

A set of GPS coordinates, along with a vehicle identification number, make, model, and IP address, emerges on the laptop screen. It’s a Dodge Ram. Miller corks its GPS coordinates into Google Maps to expose that it’s cruising down a highway in Texarkana, Texas. He keeps scanning, and the next vehicle to emerge on his screen is a Jeep Cherokee driving around a highway cloverleaf inbetween San Diego and Anaheim, California. Then he locates a Dodge Durango, moving along a rural road somewhere in the Upper Peninsula of Michigan. When I ask him to keep scanning, he hesitates. Observing the actual, mapped locations of these unwitting strangers' vehicles—and knowing that each one is vulnerable to their remote attack—unsettles him.

When Miller and Valasek very first found the Uconnect flaw, they thought it might only enable attacks over a direct Wi-Fi link, restraining its range to a few dozen yards. When they discovered the Uconnect's cellular vulnerability earlier this summer, they still thought it might work only on vehicles on the same cell tower as their scanning phone, restricting the range of the attack to a few dozen miles. But they quickly found even that wasn't the limit. “When I witnessed we could do it anywhere, over the Internet, I freaked out,” Valasek says. “I was frightened. It was like, holy fuck, that's a vehicle on a highway in the middle of the country. Car hacking got real, right then.”

That moment was the culmination of almost three years of work. In the fall of 2012, Miller, a security researcher for Twitter and a former NSA hacker, and Valasek, the director of vehicle security research at the consultancy IOActive, were inspired by the UCSD and University of Washington probe to apply for a car-hacking research grant from Darpa. With the resulting $80,000, they bought a Toyota Prius and a Ford Escape. They spent the next year tearing the vehicles apart digitally and physically, mapping out their electronic control units, or ECUs—the computers that run practically every component of a modern car—and learning to speak the CAN network protocol that controls them.

When they demonstrated a wired-in attack on those vehicles at the DefCon hacker conference in 2013, tho’, Toyota, Ford, and others in the automotive industry downplayed the significance of their work, pointing out that the hack had required physical access to the vehicles. Toyota, in particular, argued that its systems were “sturdy and secure” against wireless attacks . “We didn't have the influence with the manufacturers that we wished,” Miller says. To get their attention, they'd need to find a way to hack a vehicle remotely.

So the next year, they signed up for mechanic’s accounts on the websites of every major automaker and downloaded dozens of vehicles' technical manuals and wiring diagrams. Using those specs, they rated twenty four cars, SUVs, and trucks on three factors they thought might determine their vulnerability to hackers : How many and what types of radios connected the vehicle's systems to the Internet; whether the Internet-connected computers were decently isolated from critical driving systems, and whether those critical systems had “cyberphysical” components—whether digital directions could trigger physical deeds like turning the wheel or activating brakes.

Based on that investigate, they rated Jeep Cherokee the most hackable model. Cadillac's Escalade and Infiniti's Q50 didn't fare much better; Miller and Valasek ranked them second- and third-most vulnerable. When WIRED told Infiniti that at least one of Miller and Valasek’s warnings had been borne out, the company responded in a statement that its engineers “look forward to the findings of this [fresh] study” and will “continue to integrate security features into our vehicles to protect against cyberattacks.” Cadillac emphasized in a written statement that the company has released a fresh Escalade since Miller and Valasek’s last explore, but that cybersecurity is “an emerging area in which we are dedicating more resources and implements,” including the latest hire of a chief product cybersecurity officer.

After Miller and Valasek determined to concentrate on the Jeep Cherokee in 2014, it took them another year of hunting for hackable bugs and reverse-engineering to prove their educated guess. It wasn't until June that Valasek issued a directive from his laptop in Pittsburgh and turned on the windshield wipers of the Jeep in Miller's St. Louis driveway.

Since then, Miller has scanned Sprint's network numerous times for vulnerable vehicles and recorded their vehicle identification numbers. Plugging that data into an algorithm sometimes used for tagging and tracking wild animals to estimate their population size, he estimated that there are as many as 471,000 vehicles with vulnerable Uconnect systems on the road.

Pinpointing a vehicle belonging to a specific person isn't effortless. Miller and Valasek's scans expose random VINs, IP addresses, and GPS coordinates. Finding a particular victim’s vehicle out of thousands is unlikely through the slow and random probing of one Sprint-enabled phone. But enough phones scanning together, Miller says, could permit an individual to be found and targeted. Worse, he suggests, a skilled hacker could take over a group of Uconnect head units and use them to perform more scans—as with any collection of hijacked computers—worming from one dashboard to the next over Sprint’s network. The result would be a wirelessly managed automotive botnet encompassing hundreds of thousands of vehicles.

“For all the critics in two thousand thirteen who said our work didn’t count because we were plugged into the dashboard,” Valasek says, “well, now what?”

Congress Takes on Car Hacking

Now the auto industry needs to do the unglamorous, ongoing work of actually protecting cars from hackers. And Washington may be about to force the issue.

Later today, senators Markey and Blumenthal intend to expose fresh legislation designed to tighten cars’ protections against hackers. The bill (which a Markey spokesperson insists wasn’t timed to this story) will call on the National Highway Traffic Safety Administration and the Federal Trade Commission to set fresh security standards and create a privacy and security rating system for consumers. “Controlled demonstrations display how scaring it would be to have a hacker take over controls of a car,” Markey wrote in a statement to WIRED. “Drivers shouldn’t have to choose inbetween being connected and being protected. We need clear rules of the road that protect cars from hackers and American families from data trackers.”

Markey has keenly followed Miller and Valasek’s research for years. Citing their two thousand thirteen Darpa-funded research and hacking demo, he sent a letter to twenty automakers , asking them to response a series of questions about their security practices. The answers, released in February , display what Markey describes as “a clear lack of suitable security measures to protect drivers against hackers who may be able to take control of a vehicle.” Of the sixteen automakers who responded, all confirmed that virtually every vehicle they sell has some sort of wireless connection, including Bluetooth, Wi-Fi, cellular service, and radios. (Markey didn't expose the automakers' individual responses.) Only seven of the companies said they hired independent security firms to test their vehicles' digital security. Only two said their vehicles had monitoring systems that checked their CAN networks for malicious digital instructions.

UCSD's Savage says the lesson of Miller and Valasek's research isn't that Jeeps or any other vehicle are particularly vulnerable, but that practically any modern vehicle could be vulnerable. “I don't think there are qualitative differences in security inbetween vehicles today,” he says. “The Europeans are a little bit ahead. The Japanese are a little bit behind. But broadly writ, this is something everyone's still getting their arms around.”

Aside from wireless hacks used by thieves to open car doors , only one malicious car-hacking attack has been documented: In two thousand ten a disgruntled employee in Austin, Texas, used a remote shutdown system meant for enforcing timely car payments to brick more than one hundred vehicles . But the opportunities for real-world car hacking have only grown, as automakers add wireless connections to vehicles' internal networks. Uconnect is just one of a dozen telematics systems, including GM Onstar, Lexus Enform, Toyota Safety Connect, Hyundai Bluelink, and Infiniti Connection.

In fact, automakers are thinking about their digital security more than ever before, says Josh Corman, the cofounder of I Am the Cavalry, a security industry organization loyal to protecting future Internet-of-things targets like automobiles and medical devices. Thanks to Markey's letter, and another set of questions sent to automakers by the House Energy and Commerce Committee in May , Corman says, Detroit has known for months that car security regulations are coming.

But Corman cautions that the same automakers have been more focused on rivaling with each other to install fresh Internet-connected cellular services for entertainment, navigation, and safety. (Payments for those services also provide a nice monthly revenue stream.) The result is that the companies have an incentive to add Internet-enabled features—but not to secure them from digital attacks. “They're getting worse swifter than they're getting better,” he says. “If it takes a year to introduce a fresh hackable feature, then it takes them four to five years to protect it.”

Corman's group has been visiting auto industry events to shove five recommendations : safer design to reduce attack points, third-party testing, internal monitoring systems, segmented architecture to limit the harm from any successful invasion, and the same Internet-enabled security software updates that PCs now receive. The last of those in particular is already catching on; Ford announced a switch to over-the-air updates in March , and BMW used wireless updates to patch a hackable security flaw in door locks in January .

Corman says carmakers need to befriend hackers who expose flaws, rather than fear or antagonize them—just as companies like Microsoft have evolved from menacing hackers with lawsuits to inviting them to security conferences and paying them “bug bounties” for disclosing security vulnerabilities . For tech companies, Corman says, “that enlightenment took fifteen to twenty years.” The auto industry can't afford to take that long. “Given that my car can hurt me and my family,” he says, “I want to see that enlightenment happen in three to five years, especially since the consequences for failure are skin and blood.”

As I drove the Jeep back toward Miller’s house from downtown St. Louis, however, the notion of car hacking hardly seemed like a threat that will wait three to five years to emerge. In fact, it seemed more like a matter of seconds; I felt the vehicle's vulnerability, the nagging possibility that Miller and Valasek could cut the puppet's strings again at any time.

The hackers holding the scissors agree. “We shut down your engine—a big equipment was honking up on you because of something we did on our couch,” Miller says, as if I needed the reminder. “This is what everyone who thinks about car security has worried about for years. This is a reality.”

Update Three:30 7/24/2015 : Chrysler has issued a recall for 1.Four million vehicles as a result of Miller and Valasek's research. The company has also blocked their wireless attack on Sprint's network to protect vehicles with the vulnerable software.

1 Correction Ten:45 7/21/2015 : An earlier version of the story stated that the hacking demonstration took place on Interstate 40, when in fact it was Route 40, which coincides in St. Louis with Interstate 64.

Two Correction 1:00pm 7/27/2015 : An earlier version of this story referenced a Range Rover recall due to a hackable software bug that could unlock the vehicles' doors. While the software bug did lead to doors unlocking, it wasn't publicly determined to exploitable by hackers.

Hackers Remotely Kill a Jeep on the Highway—With Me in It, WIRED

Hackers Remotely Kill a Jeep on the Highway–With Me in It

I was driving seventy mph on the edge of downtown St. Louis when the exploit began to take hold.

To better simulate the practice of driving a vehicle while it's being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller's laptop in his house ten miles west. Instead, they merely assured me that they wouldn't do anything life-threatening. Then they told me to drive the Jeep onto the highway. “Recall, Andy,” Miller had said through my iPhone's speaker just before I pulled onto the Interstate sixty four on-ramp, “no matter what happens, don't fright.” 1

As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That's when they cut the transmission.

Instantaneously my accelerator stopped working. As I frantically pressed the pedal and observed the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to suggest an escape. The experiment had ceased to be joy.

At that point, the interstate began to slope upward, so the Jeep lost more momentum and scarcely crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver spotted me, too, and could tell I was paralyzed on the highway.

“You're fated!” Valasek shouted, but I couldn't make out his heckling over the blast of the radio, now pumping Kanye West. The semi loomed in the mirror, bearing down on my immobilized Jeep.

I followed Miller's advice: I didn't funk. I did, however, drop any semblance of bravery, grab my iPhone with a clammy knuckle, and beg the hackers to make it stop.

Wireless Carjackers

This wasn't the very first time Miller and Valasek had put me behind the wheel of a compromised car. In the summer of 2013, I drove a Ford Escape and a Toyota Prius around a South Arch, Indiana, parking lot while they sat in the backseat with their laptops, cackling as they disabled my brakes, honked the horn, jerked the seat belt, and commandeered the steering wheel . “When you lose faith that a car will do what you tell it to do,” Miller observed at the time, “it indeed switches your entire view of how the thing works.” Back then, however, their hacks had a comforting limitation: The attacker's PC had been wired into the vehicles' onboard diagnostic port, a feature that normally gives repair technicians access to information about the car's electronically managed systems.

As an auto-hacking antidote, the bill couldn’t be timelier. The attack contraptions Miller and Valasek developed can remotely trigger more than the dashboard and transmission tricks they used against me on the highway. They demonstrated as much on the same day as my traumatic practice on I-64; After narrowly averting death by semi-trailer, I managed to roll the lame Jeep down an exit ramp, re-engaged the transmission by turning the ignition off and on, and found an empty lot where I could securely proceed the experiment.

Miller and Valasek’s utter arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep's brakes, leaving me frantically pumping the pedal as the 2-ton SUV slipped madly into a ditch. The researchers say they're working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in switch roles. Their hack enables surveillance too: They can track a targeted Jeep's GPS coordinates, measure its speed, and even drop pins on a map to trace its route.

From that entry point, Miller and Valasek's attack pivots to an adjacent chip in the car's head unit—the hardware for its entertainment system—silently rewriting the chip's firmware to plant their code. That rewritten firmware is capable of sending directives through the car's internal computer network, known as a CAN bus, to its physical components like the engine and wheels. Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. They've only tested their total set of physical hacks, including ones targeting transmission and braking systems, on a Jeep Cherokee, however they believe that most of their attacks could be tweaked to work on any Chrysler vehicle with the vulnerable Uconnect head unit. They have yet to attempt remotely hacking into other makes and models of cars.

If consumers don't realize this is an issue, they should, and they should commence complaining to carmakers. This might be the kind of software bug most likely to kill someone.

The two researchers say that even if their code makes it lighter for malicious hackers to attack unpatched Jeeps, the release is nonetheless warranted because it permits their work to be proven through peer review. It also sends a message: Automakers need to be held accountable for their vehicles' digital security. “If consumers don't realize this is an issue, they should, and they should begin complaining to carmakers,” Miller says. “This might be the kind of software bug most likely to kill someone.”

In fact, Miller and Valasek aren't the very first to hack a car over the Internet. In two thousand eleven a team of researchers from the University of Washington and the University of California at San Diego demonstrated that they could wirelessly disable the locks and brakes on a sedan . But those academics took a more discreet treatment, keeping the identity of the hacked car secret and sharing the details of the exploit only with carmakers.

Miller and Valasek represent the 2nd act in a good-cop/bad-cop routine. Carmakers who failed to heed polite warnings in two thousand eleven now face the possibility of a public dump of their vehicles' security flaws. The result could be product recalls or even civil suits, says UCSD computer science professor Stefan Savage, who worked on the two thousand eleven explore. “Imagine going up against a class-action lawyer after Anonymous determines it would be joy to brick all the Jeep Cherokees in California,” Savage says. Two

471,000 Hackable Automobiles

Sitting on a leather couch in Miller's living room as a summer storm thunders outside, the two researchers scan the Internet for victims.

A set of GPS coordinates, along with a vehicle identification number, make, model, and IP address, shows up on the laptop screen. It’s a Dodge Ram. Miller corks its GPS coordinates into Google Maps to expose that it’s cruising down a highway in Texarkana, Texas. He keeps scanning, and the next vehicle to show up on his screen is a Jeep Cherokee driving around a highway cloverleaf inbetween San Diego and Anaheim, California. Then he locates a Dodge Durango, moving along a rural road somewhere in the Upper Peninsula of Michigan. When I ask him to keep scanning, he hesitates. Witnessing the actual, mapped locations of these unwitting strangers' vehicles—and knowing that each one is vulnerable to their remote attack—unsettles him.

When Miller and Valasek very first found the Uconnect flaw, they thought it might only enable attacks over a direct Wi-Fi link, restraining its range to a few dozen yards. When they discovered the Uconnect's cellular vulnerability earlier this summer, they still thought it might work only on vehicles on the same cell tower as their scanning phone, restricting the range of the attack to a few dozen miles. But they quickly found even that wasn't the limit. “When I eyed we could do it anywhere, over the Internet, I freaked out,” Valasek says. “I was frightened. It was like, holy fuck, that's a vehicle on a highway in the middle of the country. Car hacking got real, right then.”

That moment was the culmination of almost three years of work. In the fall of 2012, Miller, a security researcher for Twitter and a former NSA hacker, and Valasek, the director of vehicle security research at the consultancy IOActive, were inspired by the UCSD and University of Washington examine to apply for a car-hacking research grant from Darpa. With the resulting $80,000, they bought a Toyota Prius and a Ford Escape. They spent the next year tearing the vehicles apart digitally and physically, mapping out their electronic control units, or ECUs—the computers that run practically every component of a modern car—and learning to speak the CAN network protocol that controls them.

When they demonstrated a wired-in attack on those vehicles at the DefCon hacker conference in 2013, however, Toyota, Ford, and others in the automotive industry downplayed the significance of their work, pointing out that the hack had required physical access to the vehicles. Toyota, in particular, argued that its systems were “sturdy and secure” against wireless attacks . “We didn't have the influence with the manufacturers that we wished,” Miller says. To get their attention, they'd need to find a way to hack a vehicle remotely.

So the next year, they signed up for mechanic’s accounts on the websites of every major automaker and downloaded dozens of vehicles' technical manuals and wiring diagrams. Using those specs, they rated twenty four cars, SUVs, and trucks on three factors they thought might determine their vulnerability to hackers : How many and what types of radios connected the vehicle's systems to the Internet; whether the Internet-connected computers were decently isolated from critical driving systems, and whether those critical systems had “cyberphysical” components—whether digital instructions could trigger physical deeds like turning the wheel or activating brakes.

Based on that examine, they rated Jeep Cherokee the most hackable model. Cadillac's Escalade and Infiniti's Q50 didn't fare much better; Miller and Valasek ranked them second- and third-most vulnerable. When WIRED told Infiniti that at least one of Miller and Valasek’s warnings had been borne out, the company responded in a statement that its engineers “look forward to the findings of this [fresh] study” and will “continue to integrate security features into our vehicles to protect against cyberattacks.” Cadillac emphasized in a written statement that the company has released a fresh Escalade since Miller and Valasek’s last examine, but that cybersecurity is “an emerging area in which we are dedicating more resources and instruments,” including the latest hire of a chief product cybersecurity officer.

After Miller and Valasek determined to concentrate on the Jeep Cherokee in 2014, it took them another year of hunting for hackable bugs and reverse-engineering to prove their educated guess. It wasn't until June that Valasek issued a guideline from his laptop in Pittsburgh and turned on the windshield wipers of the Jeep in Miller's St. Louis driveway.

“For all the critics in two thousand thirteen who said our work didn’t count because we were plugged into the dashboard,” Valasek says, “well, now what?”

Congress Takes on Car Hacking

Now the auto industry needs to do the unglamorous, ongoing work of actually protecting cars from hackers. And Washington may be about to force the issue.

Later today, senators Markey and Blumenthal intend to expose fresh legislation designed to tighten cars’ protections against hackers. The bill (which a Markey spokesperson insists wasn’t timed to this story) will call on the National Highway Traffic Safety Administration and the Federal Trade Commission to set fresh security standards and create a privacy and security rating system for consumers. “Controlled demonstrations showcase how scaring it would be to have a hacker take over controls of a car,” Markey wrote in a statement to WIRED. “Drivers shouldn’t have to choose inbetween being connected and being protected. We need clear rules of the road that protect cars from hackers and American families from data trackers.”

Markey has keenly followed Miller and Valasek’s research for years. Citing their two thousand thirteen Darpa-funded research and hacking demo, he sent a letter to twenty automakers , asking them to response a series of questions about their security practices. The answers, released in February , demonstrate what Markey describes as “a clear lack of adequate security measures to protect drivers against hackers who may be able to take control of a vehicle.” Of the sixteen automakers who responded, all confirmed that virtually every vehicle they sell has some sort of wireless connection, including Bluetooth, Wi-Fi, cellular service, and radios. (Markey didn't expose the automakers' individual responses.) Only seven of the companies said they hired independent security firms to test their vehicles' digital security. Only two said their vehicles had monitoring systems that checked their CAN networks for malicious digital directions.

In fact, automakers are thinking about their digital security more than ever before, says Josh Corman, the cofounder of I Am the Cavalry, a security industry organization faithful to protecting future Internet-of-things targets like automobiles and medical devices. Thanks to Markey's letter, and another set of questions sent to automakers by the House Energy and Commerce Committee in May , Corman says, Detroit has known for months that car security regulations are coming.

Hackers Remotely Kill a Jeep on the Highway—With Me in It, WIRED

Hackers Remotely Kill a Jeep on the Highway–With Me in It

I was driving seventy mph on the edge of downtown St. Louis when the exploit began to take hold.

The Jeep’s strange behavior wasn’t entirely unexpected. I'd come to St. Louis to be Miller and Valasek's digital crash-test dummy, a willing subject on whom they could test the car-hacking research they'd been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker's nightmare: software that lets hackers send directives through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.

As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That's when they cut the transmission.

At that point, the interstate began to slope upward, so the Jeep lost more momentum and scarcely crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver witnessed me, too, and could tell I was paralyzed on the highway.

“You're fated!” Valasek shouted, but I couldn't make out his heckling over the blast of the radio, now pumping Kanye West. The semi loomed in the mirror, bearing down on my immobilized Jeep.

I followed Miller's advice: I didn't scare. I did, however, drop any semblance of bravery, grab my iPhone with a clammy knuckle, and beg the hackers to make it stop.

Wireless Carjackers

Miller and Valasek’s utter arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep's brakes, leaving me frantically pumping the pedal as the 2-ton SUV glided furiously into a ditch. The researchers say they're working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in switch roles. Their hack enables surveillance too: They can track a targeted Jeep's GPS coordinates, measure its speed, and even drop pins on a map to trace its route.

From that entry point, Miller and Valasek's attack pivots to an adjacent chip in the car's head unit—the hardware for its entertainment system—silently rewriting the chip's firmware to plant their code. That rewritten firmware is capable of sending guidelines through the car's internal computer network, known as a CAN bus, to its physical components like the engine and wheels. Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. They've only tested their total set of physical hacks, including ones targeting transmission and braking systems, on a Jeep Cherokee, tho’ they believe that most of their attacks could be tweaked to work on any Chrysler vehicle with the vulnerable Uconnect head unit. They have yet to attempt remotely hacking into other makes and models of cars.

If consumers don't realize this is an issue, they should, and they should begin complaining to carmakers. This might be the kind of software bug most likely to kill someone.

Chrysler stated in a response to questions from WIRED that it “appreciates” Miller and Valasek’s work. But the company also seemed leery of their decision to publish part of their exploit. “Under no circumstances does FCA condone or believe it’s suitable to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to build up unauthorized and unlawful access to vehicle systems,” the company’s statement reads. “We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities. However, we caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.”

The two researchers say that even if their code makes it lighter for malicious hackers to attack unpatched Jeeps, the release is nonetheless warranted because it permits their work to be proven through peer review. It also sends a message: Automakers need to be held accountable for their vehicles' digital security. “If consumers don't realize this is an issue, they should, and they should begin complaining to carmakers,” Miller says. “This might be the kind of software bug most likely to kill someone.”

471,000 Hackable Automobiles

Sitting on a leather couch in Miller's living room as a summer storm thunders outside, the two researchers scan the Internet for victims.

A set of GPS coordinates, along with a vehicle identification number, make, model, and IP address, emerges on the laptop screen. It’s a Dodge Ram. Miller butt-plugs its GPS coordinates into Google Maps to expose that it’s cruising down a highway in Texarkana, Texas. He keeps scanning, and the next vehicle to show up on his screen is a Jeep Cherokee driving around a highway cloverleaf inbetween San Diego and Anaheim, California. Then he locates a Dodge Durango, moving along a rural road somewhere in the Upper Peninsula of Michigan. When I ask him to keep scanning, he hesitates. Observing the actual, mapped locations of these unwitting strangers' vehicles—and knowing that each one is vulnerable to their remote attack—unsettles him.

When Miller and Valasek very first found the Uconnect flaw, they thought it might only enable attacks over a direct Wi-Fi link, restraining its range to a few dozen yards. When they discovered the Uconnect's cellular vulnerability earlier this summer, they still thought it might work only on vehicles on the same cell tower as their scanning phone, restricting the range of the attack to a few dozen miles. But they quickly found even that wasn't the limit. “When I eyed we could do it anywhere, over the Internet, I freaked out,” Valasek says. “I was frightened. It was like, holy fuck, that's a vehicle on a highway in the middle of the country. Car hacking got real, right then.”

That moment was the culmination of almost three years of work. In the fall of 2012, Miller, a security researcher for Twitter and a former NSA hacker, and Valasek, the director of vehicle security research at the consultancy IOActive, were inspired by the UCSD and University of Washington explore to apply for a car-hacking research grant from Darpa. With the resulting $80,000, they bought a Toyota Prius and a Ford Escape. They spent the next year tearing the vehicles apart digitally and physically, mapping out their electronic control units, or ECUs—the computers that run practically every component of a modern car—and learning to speak the CAN network protocol that controls them.

When they demonstrated a wired-in attack on those vehicles at the DefCon hacker conference in 2013, tho’, Toyota, Ford, and others in the automotive industry downplayed the significance of their work, pointing out that the hack had required physical access to the vehicles. Toyota, in particular, argued that its systems were “sturdy and secure” against wireless attacks . “We didn't have the influence with the manufacturers that we dreamed,” Miller says. To get their attention, they'd need to find a way to hack a vehicle remotely.

So the next year, they signed up for mechanic’s accounts on the websites of every major automaker and downloaded dozens of vehicles' technical manuals and wiring diagrams. Using those specs, they rated twenty four cars, SUVs, and trucks on three factors they thought might determine their vulnerability to hackers : How many and what types of radios connected the vehicle's systems to the Internet; whether the Internet-connected computers were decently isolated from critical driving systems, and whether those critical systems had “cyberphysical” components—whether digital instructions could trigger physical deeds like turning the wheel or activating brakes.

Based on that examine, they rated Jeep Cherokee the most hackable model. Cadillac's Escalade and Infiniti's Q50 didn't fare much better; Miller and Valasek ranked them second- and third-most vulnerable. When WIRED told Infiniti that at least one of Miller and Valasek’s warnings had been borne out, the company responded in a statement that its engineers “look forward to the findings of this [fresh] study” and will “continue to integrate security features into our vehicles to protect against cyberattacks.” Cadillac emphasized in a written statement that the company has released a fresh Escalade since Miller and Valasek’s last investigate, but that cybersecurity is “an emerging area in which we are dedicating more resources and instruments,” including the latest hire of a chief product cybersecurity officer.

After Miller and Valasek determined to concentrate on the Jeep Cherokee in 2014, it took them another year of hunting for hackable bugs and reverse-engineering to prove their educated guess. It wasn't until June that Valasek issued a guideline from his laptop in Pittsburgh and turned on the windshield wipers of the Jeep in Miller's St. Louis driveway.

“For all the critics in two thousand thirteen who said our work didn’t count because we were plugged into the dashboard,” Valasek says, “well, now what?”

Congress Takes on Car Hacking

Now the auto industry needs to do the unglamorous, ongoing work of actually protecting cars from hackers. And Washington may be about to force the issue.

Later today, senators Markey and Blumenthal intend to expose fresh legislation designed to tighten cars’ protections against hackers. The bill (which a Markey spokesperson insists wasn’t timed to this story) will call on the National Highway Traffic Safety Administration and the Federal Trade Commission to set fresh security standards and create a privacy and security rating system for consumers. “Controlled demonstrations showcase how panicking it would be to have a hacker take over controls of a car,” Markey wrote in a statement to WIRED. “Drivers shouldn’t have to choose inbetween being connected and being protected. We need clear rules of the road that protect cars from hackers and American families from data trackers.”

Markey has keenly followed Miller and Valasek’s research for years. Citing their two thousand thirteen Darpa-funded research and hacking demo, he sent a letter to twenty automakers , asking them to response a series of questions about their security practices. The answers, released in February , showcase what Markey describes as “a clear lack of adequate security measures to protect drivers against hackers who may be able to take control of a vehicle.” Of the sixteen automakers who responded, all confirmed that virtually every vehicle they sell has some sort of wireless connection, including Bluetooth, Wi-Fi, cellular service, and radios. (Markey didn't expose the automakers' individual responses.) Only seven of the companies said they hired independent security firms to test their vehicles' digital security. Only two said their vehicles had monitoring systems that checked their CAN networks for malicious digital directives.

Hackers Remotely Kill a Jeep on the Highway—With Me in It, WIRED

Hackers Remotely Kill a Jeep on the Highway–With Me in It

I was driving seventy mph on the edge of downtown St. Louis when the exploit began to take hold.

However I hadn't touched the dashboard, the vents in the Jeep Cherokee began blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at utter volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.

As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That's when they cut the transmission.

At that point, the interstate began to slope upward, so the Jeep lost more momentum and scarcely crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver witnessed me, too, and could tell I was paralyzed on the highway.

“You're fated!” Valasek shouted, but I couldn't make out his heckling over the blast of the radio, now pumping Kanye West. The semi loomed in the mirror, bearing down on my immobilized Jeep.

I followed Miller's advice: I didn't funk. I did, however, drop any semblance of bravery, grab my iPhone with a clammy knuckle, and beg the hackers to make it stop.

Wireless Carjackers

As an auto-hacking antidote, the bill couldn’t be timelier. The attack implements Miller and Valasek developed can remotely trigger more than the dashboard and transmission tricks they used against me on the highway. They demonstrated as much on the same day as my traumatic practice on I-64; After narrowly averting death by semi-trailer, I managed to roll the lame Jeep down an exit ramp, re-engaged the transmission by turning the ignition off and on, and found an empty lot where I could securely proceed the experiment.

Miller and Valasek’s total arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep's brakes, leaving me frantically pumping the pedal as the 2-ton SUV slipped furiously into a ditch. The researchers say they're working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in switch roles. Their hack enables surveillance too: They can track a targeted Jeep's GPS coordinates, measure its speed, and even drop pins on a map to trace its route.

From that entry point, Miller and Valasek's attack pivots to an adjacent chip in the car's head unit—the hardware for its entertainment system—silently rewriting the chip's firmware to plant their code. That rewritten firmware is capable of sending directives through the car's internal computer network, known as a CAN bus, to its physical components like the engine and wheels. Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. They've only tested their total set of physical hacks, including ones targeting transmission and braking systems, on a Jeep Cherokee, however they believe that most of their attacks could be tweaked to work on any Chrysler vehicle with the vulnerable Uconnect head unit. They have yet to attempt remotely hacking into other makes and models of cars.

If consumers don't realize this is an issue, they should, and they should commence complaining to carmakers. This might be the kind of software bug most likely to kill someone.

The two researchers say that even if their code makes it lighter for malicious hackers to attack unpatched Jeeps, the release is nonetheless warranted because it permits their work to be proven through peer review. It also sends a message: Automakers need to be held accountable for their vehicles' digital security. “If consumers don't realize this is an issue, they should, and they should commence complaining to carmakers,” Miller says. “This might be the kind of software bug most likely to kill someone.”

In fact, Miller and Valasek aren't the very first to hack a car over the Internet. In two thousand eleven a team of researchers from the University of Washington and the University of California at San Diego demonstrated that they could wirelessly disable the locks and brakes on a sedan . But those academics took a more discreet treatment, keeping the identity of the hacked car secret and sharing the details of the exploit only with carmakers.

471,000 Hackable Automobiles

Sitting on a leather couch in Miller's living room as a summer storm thunders outside, the two researchers scan the Internet for victims.

A set of GPS coordinates, along with a vehicle identification number, make, model, and IP address, emerges on the laptop screen. It’s a Dodge Ram. Miller ass-plugs its GPS coordinates into Google Maps to expose that it’s cruising down a highway in Texarkana, Texas. He keeps scanning, and the next vehicle to show up on his screen is a Jeep Cherokee driving around a highway cloverleaf inbetween San Diego and Anaheim, California. Then he locates a Dodge Durango, moving along a rural road somewhere in the Upper Peninsula of Michigan. When I ask him to keep scanning, he hesitates. Observing the actual, mapped locations of these unwitting strangers' vehicles—and knowing that each one is vulnerable to their remote attack—unsettles him.

That moment was the culmination of almost three years of work. In the fall of 2012, Miller, a security researcher for Twitter and a former NSA hacker, and Valasek, the director of vehicle security research at the consultancy IOActive, were inspired by the UCSD and University of Washington investigate to apply for a car-hacking research grant from Darpa. With the resulting $80,000, they bought a Toyota Prius and a Ford Escape. They spent the next year tearing the vehicles apart digitally and physically, mapping out their electronic control units, or ECUs—the computers that run practically every component of a modern car—and learning to speak the CAN network protocol that controls them.

So the next year, they signed up for mechanic’s accounts on the websites of every major automaker and downloaded dozens of vehicles' technical manuals and wiring diagrams. Using those specs, they rated twenty four cars, SUVs, and trucks on three factors they thought might determine their vulnerability to hackers : How many and what types of radios connected the vehicle's systems to the Internet; whether the Internet-connected computers were decently isolated from critical driving systems, and whether those critical systems had “cyberphysical” components—whether digital directives could trigger physical deeds like turning the wheel or activating brakes.

Based on that probe, they rated Jeep Cherokee the most hackable model. Cadillac's Escalade and Infiniti's Q50 didn't fare much better; Miller and Valasek ranked them second- and third-most vulnerable. When WIRED told Infiniti that at least one of Miller and Valasek’s warnings had been borne out, the company responded in a statement that its engineers “look forward to the findings of this [fresh] study” and will “continue to integrate security features into our vehicles to protect against cyberattacks.” Cadillac emphasized in a written statement that the company has released a fresh Escalade since Miller and Valasek’s last probe, but that cybersecurity is “an emerging area in which we are dedicating more resources and instruments,” including the latest hire of a chief product cybersecurity officer.

After Miller and Valasek determined to concentrate on the Jeep Cherokee in 2014, it took them another year of hunting for hackable bugs and reverse-engineering to prove their educated guess. It wasn't until June that Valasek issued a instruction from his laptop in Pittsburgh and turned on the windshield wipers of the Jeep in Miller's St. Louis driveway.

“For all the critics in two thousand thirteen who said our work didn’t count because we were plugged into the dashboard,” Valasek says, “well, now what?”

Congress Takes on Car Hacking

Now the auto industry needs to do the unglamorous, ongoing work of actually protecting cars from hackers. And Washington may be about to force the issue.

Later today, senators Markey and Blumenthal intend to expose fresh legislation designed to tighten cars’ protections against hackers. The bill (which a Markey spokesperson insists wasn’t timed to this story) will call on the National Highway Traffic Safety Administration and the Federal Trade Commission to set fresh security standards and create a privacy and security rating system for consumers. “Controlled demonstrations showcase how scaring it would be to have a hacker take over controls of a car,” Markey wrote in a statement to WIRED. “Drivers shouldn’t have to choose inbetween being connected and being protected. We need clear rules of the road that protect cars from hackers and American families from data trackers.”

Markey has keenly followed Miller and Valasek’s research for years. Citing their two thousand thirteen Darpa-funded research and hacking demo, he sent a letter to twenty automakers , asking them to response a series of questions about their security practices. The answers, released in February , demonstrate what Markey describes as “a clear lack of suitable security measures to protect drivers against hackers who may be able to take control of a vehicle.” Of the sixteen automakers who responded, all confirmed that virtually every vehicle they sell has some sort of wireless connection, including Bluetooth, Wi-Fi, cellular service, and radios. (Markey didn't expose the automakers' individual responses.) Only seven of the companies said they hired independent security firms to test their vehicles' digital security. Only two said their vehicles had monitoring systems that checked their CAN networks for malicious digital directions.

Corman's group has been visiting auto industry events to thrust five recommendations : safer design to reduce attack points, third-party testing, internal monitoring systems, segmented architecture to limit the harm from any successful invasion, and the same Internet-enabled security software updates that PCs now receive. The last of those in particular is already catching on; Ford announced a switch to over-the-air updates in March , and BMW used wireless updates to patch a hackable security flaw in door locks in January .

Hackers Remotely Kill a Jeep on the Highway—With Me in It, WIRED

Hackers Remotely Kill a Jeep on the Highway–With Me in It

I was driving seventy mph on the edge of downtown St. Louis when the exploit began to take hold.

However I hadn't touched the dashboard, the vents in the Jeep Cherokee began blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at total volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.

The Jeep’s strange behavior wasn’t entirely unexpected. I'd come to St. Louis to be Miller and Valasek's digital crash-test dummy, a willing subject on whom they could test the car-hacking research they'd been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker's nightmare: software that lets hackers send guidelines through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.

To better simulate the practice of driving a vehicle while it's being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller's laptop in his house ten miles west. Instead, they merely assured me that they wouldn't do anything life-threatening. Then they told me to drive the Jeep onto the highway. “Recall, Andy,” Miller had said through my iPhone's speaker just before I pulled onto the Interstate sixty four on-ramp, “no matter what happens, don't fright.” 1

As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That's when they cut the transmission.

At that point, the interstate began to slope upward, so the Jeep lost more momentum and hardly crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver spotted me, too, and could tell I was paralyzed on the highway.

“You're fated!” Valasek shouted, but I couldn't make out his heckling over the blast of the radio, now pumping Kanye West. The semi loomed in the mirror, bearing down on my immobilized Jeep.

I followed Miller's advice: I didn't fright. I did, however, drop any semblance of bravery, grab my iPhone with a clammy knuckle, and beg the hackers to make it stop.

Wireless Carjackers

This wasn't the very first time Miller and Valasek had put me behind the wheel of a compromised car. In the summer of 2013, I drove a Ford Escape and a Toyota Prius around a South Arch, Indiana, parking lot while they sat in the backseat with their laptops, cackling as they disabled my brakes, honked the horn, jerked the seat belt, and commandeered the steering wheel . “When you lose faith that a car will do what you tell it to do,” Miller observed at the time, “it indeed switches your entire view of how the thing works.” Back then, however, their hacks had a comforting limitation: The attacker's PC had been wired into the vehicles' onboard diagnostic port, a feature that normally gives repair technicians access to information about the car's electronically managed systems.

From that entry point, Miller and Valasek's attack pivots to an adjacent chip in the car's head unit—the hardware for its entertainment system—silently rewriting the chip's firmware to plant their code. That rewritten firmware is capable of sending directives through the car's internal computer network, known as a CAN bus, to its physical components like the engine and wheels. Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. They've only tested their total set of physical hacks, including ones targeting transmission and braking systems, on a Jeep Cherokee, tho’ they believe that most of their attacks could be tweaked to work on any Chrysler vehicle with the vulnerable Uconnect head unit. They have yet to attempt remotely hacking into other makes and models of cars.

After the researchers expose the details of their work in Vegas, only two things will prevent their instrument from enabling a wave of attacks on Jeeps around the world. Very first, they plan to leave out the part of the attack that rewrites the chip’s firmware; hackers following in their footsteps will have to reverse-engineer that element, a process that took Miller and Valasek months. But the code they publish will enable many of the dashboard hijinks they demonstrated on me as well as GPS tracking.

If consumers don't realize this is an issue, they should, and they should embark complaining to carmakers. This might be the kind of software bug most likely to kill someone.

Chrysler stated in a response to questions from WIRED that it “appreciates” Miller and Valasek’s work. But the company also seemed leery of their decision to publish part of their exploit. “Under no circumstances does FCA condone or believe it’s suitable to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to build up unauthorized and unlawful access to vehicle systems,” the company’s statement reads. “We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities. However, we caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.”

The two researchers say that even if their code makes it lighter for malicious hackers to attack unpatched Jeeps, the release is nonetheless warranted because it permits their work to be proven through peer review. It also sends a message: Automakers need to be held accountable for their vehicles' digital security. “If consumers don't realize this is an issue, they should, and they should commence complaining to carmakers,” Miller says. “This might be the kind of software bug most likely to kill someone.”

In fact, Miller and Valasek aren't the very first to hack a car over the Internet. In two thousand eleven a team of researchers from the University of Washington and the University of California at San Diego demonstrated that they could wirelessly disable the locks and brakes on a sedan . But those academics took a more discreet treatment, keeping the identity of the hacked car secret and sharing the details of the exploit only with carmakers.

Miller and Valasek represent the 2nd act in a good-cop/bad-cop routine. Carmakers who failed to heed polite warnings in two thousand eleven now face the possibility of a public dump of their vehicles' security flaws. The result could be product recalls or even civil suits, says UCSD computer science professor Stefan Savage, who worked on the two thousand eleven probe. “Imagine going up against a class-action lawyer after Anonymous determines it would be joy to brick all the Jeep Cherokees in California,” Savage says. Two

471,000 Hackable Automobiles

Sitting on a leather couch in Miller's living room as a summer storm thunders outside, the two researchers scan the Internet for victims.

A set of GPS coordinates, along with a vehicle identification number, make, model, and IP address, emerges on the laptop screen. It’s a Dodge Ram. Miller buttplugs its GPS coordinates into Google Maps to expose that it’s cruising down a highway in Texarkana, Texas. He keeps scanning, and the next vehicle to show up on his screen is a Jeep Cherokee driving around a highway cloverleaf inbetween San Diego and Anaheim, California. Then he locates a Dodge Durango, moving along a rural road somewhere in the Upper Peninsula of Michigan. When I ask him to keep scanning, he hesitates. Witnessing the actual, mapped locations of these unwitting strangers' vehicles—and knowing that each one is vulnerable to their remote attack—unsettles him.

When Miller and Valasek very first found the Uconnect flaw, they thought it might only enable attacks over a direct Wi-Fi link, restricting its range to a few dozen yards. When they discovered the Uconnect's cellular vulnerability earlier this summer, they still thought it might work only on vehicles on the same cell tower as their scanning phone, restricting the range of the attack to a few dozen miles. But they quickly found even that wasn't the limit. “When I eyed we could do it anywhere, over the Internet, I freaked out,” Valasek says. “I was frightened. It was like, holy fuck, that's a vehicle on a highway in the middle of the country. Car hacking got real, right then.”

That moment was the culmination of almost three years of work. In the fall of 2012, Miller, a security researcher for Twitter and a former NSA hacker, and Valasek, the director of vehicle security research at the consultancy IOActive, were inspired by the UCSD and University of Washington investigate to apply for a car-hacking research grant from Darpa. With the resulting $80,000, they bought a Toyota Prius and a Ford Escape. They spent the next year tearing the vehicles apart digitally and physically, mapping out their electronic control units, or ECUs—the computers that run practically every component of a modern car—and learning to speak the CAN network protocol that controls them.

When they demonstrated a wired-in attack on those vehicles at the DefCon hacker conference in 2013, tho’, Toyota, Ford, and others in the automotive industry downplayed the significance of their work, pointing out that the hack had required physical access to the vehicles. Toyota, in particular, argued that its systems were “sturdy and secure” against wireless attacks . “We didn't have the influence with the manufacturers that we dreamed,” Miller says. To get their attention, they'd need to find a way to hack a vehicle remotely.

So the next year, they signed up for mechanic’s accounts on the websites of every major automaker and downloaded dozens of vehicles' technical manuals and wiring diagrams. Using those specs, they rated twenty four cars, SUVs, and trucks on three factors they thought might determine their vulnerability to hackers : How many and what types of radios connected the vehicle's systems to the Internet; whether the Internet-connected computers were decently isolated from critical driving systems, and whether those critical systems had “cyberphysical” components—whether digital guidelines could trigger physical deeds like turning the wheel or activating brakes.

Based on that probe, they rated Jeep Cherokee the most hackable model. Cadillac's Escalade and Infiniti's Q50 didn't fare much better; Miller and Valasek ranked them second- and third-most vulnerable. When WIRED told Infiniti that at least one of Miller and Valasek’s warnings had been borne out, the company responded in a statement that its engineers “look forward to the findings of this [fresh] study” and will “continue to integrate security features into our vehicles to protect against cyberattacks.” Cadillac emphasized in a written statement that the company has released a fresh Escalade since Miller and Valasek’s last probe, but that cybersecurity is “an emerging area in which we are dedicating more resources and implements,” including the latest hire of a chief product cybersecurity officer.

After Miller and Valasek determined to concentrate on the Jeep Cherokee in 2014, it took them another year of hunting for hackable bugs and reverse-engineering to prove their educated guess. It wasn't until June that Valasek issued a instruction from his laptop in Pittsburgh and turned on the windshield wipers of the Jeep in Miller's St. Louis driveway.

“For all the critics in two thousand thirteen who said our work didn’t count because we were plugged into the dashboard,” Valasek says, “well, now what?”

Congress Takes on Car Hacking

Now the auto industry needs to do the unglamorous, ongoing work of actually protecting cars from hackers. And Washington may be about to force the issue.

Later today, senators Markey and Blumenthal intend to expose fresh legislation designed to tighten cars’ protections against hackers. The bill (which a Markey spokesperson insists wasn’t timed to this story) will call on the National Highway Traffic Safety Administration and the Federal Trade Commission to set fresh security standards and create a privacy and security rating system for consumers. “Controlled demonstrations demonstrate how scaring it would be to have a hacker take over controls of a car,” Markey wrote in a statement to WIRED. “Drivers shouldn’t have to choose inbetween being connected and being protected. We need clear rules of the road that protect cars from hackers and American families from data trackers.”

Markey has keenly followed Miller and Valasek’s research for years. Citing their two thousand thirteen Darpa-funded research and hacking demo, he sent a letter to twenty automakers , asking them to response a series of questions about their security practices. The answers, released in February , showcase what Markey describes as “a clear lack of adequate security measures to protect drivers against hackers who may be able to take control of a vehicle.” Of the sixteen automakers who responded, all confirmed that virtually every vehicle they sell has some sort of wireless connection, including Bluetooth, Wi-Fi, cellular service, and radios. (Markey didn't expose the automakers' individual responses.) Only seven of the companies said they hired independent security firms to test their vehicles' digital security. Only two said their vehicles had monitoring systems that checked their CAN networks for malicious digital directives.

In fact, automakers are thinking about their digital security more than ever before, says Josh Corman, the cofounder of I Am the Cavalry, a security industry organization dedicated to protecting future Internet-of-things targets like automobiles and medical devices. Thanks to Markey's letter, and another set of questions sent to automakers by the House Energy and Commerce Committee in May , Corman says, Detroit has known for months that car security regulations are coming.

But Corman cautions that the same automakers have been more focused on challenging with each other to install fresh Internet-connected cellular services for entertainment, navigation, and safety. (Payments for those services also provide a nice monthly revenue stream.) The result is that the companies have an incentive to add Internet-enabled features—but not to secure them from digital attacks. “They're getting worse quicker than they're getting better,” he says. “If it takes a year to introduce a fresh hackable feature, then it takes them four to five years to protect it.”

Hackers Remotely Kill a Jeep on the Highway—With Me in It, WIRED

Hackers Remotely Kill a Jeep on the Highway–With Me in It

I was driving seventy mph on the edge of downtown St. Louis when the exploit began to take hold.

However I hadn't touched the dashboard, the vents in the Jeep Cherokee commenced blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at total volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.

The Jeep’s strange behavior wasn’t entirely unexpected. I'd come to St. Louis to be Miller and Valasek's digital crash-test dummy, a willing subject on whom they could test the car-hacking research they'd been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker's nightmare: software that lets hackers send directives through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.

To better simulate the practice of driving a vehicle while it's being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller's laptop in his house ten miles west. Instead, they merely assured me that they wouldn't do anything life-threatening. Then they told me to drive the Jeep onto the highway. “Recall, Andy,” Miller had said through my iPhone's speaker just before I pulled onto the Interstate sixty four on-ramp, “no matter what happens, don't scare.” 1

As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That's when they cut the transmission.

“You're fated!” Valasek shouted, but I couldn't make out his heckling over the blast of the radio, now pumping Kanye West. The semi loomed in the mirror, bearing down on my immobilized Jeep.

I followed Miller's advice: I didn't funk. I did, however, drop any semblance of bravery, grab my iPhone with a clammy knuckle, and beg the hackers to make it stop.

Wireless Carjackers

As an auto-hacking antidote, the bill couldn’t be timelier. The attack devices Miller and Valasek developed can remotely trigger more than the dashboard and transmission tricks they used against me on the highway. They demonstrated as much on the same day as my traumatic practice on I-64; After narrowly averting death by semi-trailer, I managed to roll the lame Jeep down an exit ramp, re-engaged the transmission by turning the ignition off and on, and found an empty lot where I could securely proceed the experiment.

Miller and Valasek’s total arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep's brakes, leaving me frantically pumping the pedal as the 2-ton SUV glided furiously into a ditch. The researchers say they're working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in switch roles. Their hack enables surveillance too: They can track a targeted Jeep's GPS coordinates, measure its speed, and even drop pins on a map to trace its route.

From that entry point, Miller and Valasek's attack pivots to an adjacent chip in the car's head unit—the hardware for its entertainment system—silently rewriting the chip's firmware to plant their code. That rewritten firmware is capable of sending directions through the car's internal computer network, known as a CAN bus, to its physical components like the engine and wheels. Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. They've only tested their utter set of physical hacks, including ones targeting transmission and braking systems, on a Jeep Cherokee, however they believe that most of their attacks could be tweaked to work on any Chrysler vehicle with the vulnerable Uconnect head unit. They have yet to attempt remotely hacking into other makes and models of cars.

After the researchers expose the details of their work in Vegas, only two things will prevent their contraption from enabling a wave of attacks on Jeeps around the world. Very first, they plan to leave out the part of the attack that rewrites the chip’s firmware; hackers following in their footsteps will have to reverse-engineer that element, a process that took Miller and Valasek months. But the code they publish will enable many of the dashboard hijinks they demonstrated on me as well as GPS tracking.

If consumers don't realize this is an issue, they should, and they should commence complaining to carmakers. This might be the kind of software bug most likely to kill someone.

The two researchers say that even if their code makes it lighter for malicious hackers to attack unpatched Jeeps, the release is nonetheless warranted because it permits their work to be proven through peer review. It also sends a message: Automakers need to be held accountable for their vehicles' digital security. “If consumers don't realize this is an issue, they should, and they should begin complaining to carmakers,” Miller says. “This might be the kind of software bug most likely to kill someone.”

In fact, Miller and Valasek aren't the very first to hack a car over the Internet. In two thousand eleven a team of researchers from the University of Washington and the University of California at San Diego displayed that they could wirelessly disable the locks and brakes on a sedan . But those academics took a more discreet treatment, keeping the identity of the hacked car secret and sharing the details of the exploit only with carmakers.

Miller and Valasek represent the 2nd act in a good-cop/bad-cop routine. Carmakers who failed to heed polite warnings in two thousand eleven now face the possibility of a public dump of their vehicles' security flaws. The result could be product recalls or even civil suits, says UCSD computer science professor Stefan Savage, who worked on the two thousand eleven probe. “Imagine going up against a class-action lawyer after Anonymous determines it would be joy to brick all the Jeep Cherokees in California,” Savage says. Two

471,000 Hackable Automobiles

Sitting on a leather couch in Miller's living room as a summer storm thunders outside, the two researchers scan the Internet for victims.

A set of GPS coordinates, along with a vehicle identification number, make, model, and IP address, shows up on the laptop screen. It’s a Dodge Ram. Miller corks its GPS coordinates into Google Maps to expose that it’s cruising down a highway in Texarkana, Texas. He keeps scanning, and the next vehicle to emerge on his screen is a Jeep Cherokee driving around a highway cloverleaf inbetween San Diego and Anaheim, California. Then he locates a Dodge Durango, moving along a rural road somewhere in the Upper Peninsula of Michigan. When I ask him to keep scanning, he hesitates. Witnessing the actual, mapped locations of these unwitting strangers' vehicles—and knowing that each one is vulnerable to their remote attack—unsettles him.

When Miller and Valasek very first found the Uconnect flaw, they thought it might only enable attacks over a direct Wi-Fi link, restricting its range to a few dozen yards. When they discovered the Uconnect's cellular vulnerability earlier this summer, they still thought it might work only on vehicles on the same cell tower as their scanning phone, restricting the range of the attack to a few dozen miles. But they quickly found even that wasn't the limit. “When I spotted we could do it anywhere, over the Internet, I freaked out,” Valasek says. “I was frightened. It was like, holy fuck, that's a vehicle on a highway in the middle of the country. Car hacking got real, right then.”

That moment was the culmination of almost three years of work. In the fall of 2012, Miller, a security researcher for Twitter and a former NSA hacker, and Valasek, the director of vehicle security research at the consultancy IOActive, were inspired by the UCSD and University of Washington examine to apply for a car-hacking research grant from Darpa. With the resulting $80,000, they bought a Toyota Prius and a Ford Escape. They spent the next year tearing the vehicles apart digitally and physically, mapping out their electronic control units, or ECUs—the computers that run practically every component of a modern car—and learning to speak the CAN network protocol that controls them.

Based on that explore, they rated Jeep Cherokee the most hackable model. Cadillac's Escalade and Infiniti's Q50 didn't fare much better; Miller and Valasek ranked them second- and third-most vulnerable. When WIRED told Infiniti that at least one of Miller and Valasek’s warnings had been borne out, the company responded in a statement that its engineers “look forward to the findings of this [fresh] study” and will “continue to integrate security features into our vehicles to protect against cyberattacks.” Cadillac emphasized in a written statement that the company has released a fresh Escalade since Miller and Valasek’s last examine, but that cybersecurity is “an emerging area in which we are dedicating more resources and implements,” including the latest hire of a chief product cybersecurity officer.

“For all the critics in two thousand thirteen who said our work didn’t count because we were plugged into the dashboard,” Valasek says, “well, now what?”

Congress Takes on Car Hacking

Now the auto industry needs to do the unglamorous, ongoing work of actually protecting cars from hackers. And Washington may be about to force the issue.

Later today, senators Markey and Blumenthal intend to expose fresh legislation designed to tighten cars’ protections against hackers. The bill (which a Markey spokesperson insists wasn’t timed to this story) will call on the National Highway Traffic Safety Administration and the Federal Trade Commission to set fresh security standards and create a privacy and security rating system for consumers. “Controlled demonstrations demonstrate how panicking it would be to have a hacker take over controls of a car,” Markey wrote in a statement to WIRED. “Drivers shouldn’t have to choose inbetween being connected and being protected. We need clear rules of the road that protect cars from hackers and American families from data trackers.”

Markey has keenly followed Miller and Valasek’s research for years. Citing their two thousand thirteen Darpa-funded research and hacking demo, he sent a letter to twenty automakers , asking them to response a series of questions about their security practices. The answers, released in February , showcase what Markey describes as “a clear lack of adequate security measures to protect drivers against hackers who may be able to take control of a vehicle.” Of the sixteen automakers who responded, all confirmed that virtually every vehicle they sell has some sort of wireless connection, including Bluetooth, Wi-Fi, cellular service, and radios. (Markey didn't expose the automakers' individual responses.) Only seven of the companies said they hired independent security firms to test their vehicles' digital security. Only two said their vehicles had monitoring systems that checked their CAN networks for malicious digital directives.

Update Trio:30 7/24/2015 : Chrysler has issued a recall for 1.Four million vehicles as a result of Miller and Valasek's research. The company has also blocked their wireless attack on Sprint's network to protect vehicles with the vulnerable software.

Hackers Remotely Kill a Jeep on the Highway—With Me in It, WIRED

Hackers Remotely Kill a Jeep on the Highway–With Me in It

I was driving seventy mph on the edge of downtown St. Louis when the exploit began to take hold.

However I hadn't touched the dashboard, the vents in the Jeep Cherokee embarked blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at utter volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.

The Jeep’s strange behavior wasn’t entirely unexpected. I'd come to St. Louis to be Miller and Valasek's digital crash-test dummy, a willing subject on whom they could test the car-hacking research they'd been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker's nightmare: software that lets hackers send directives through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.

As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That's when they cut the transmission.

“You're fated!” Valasek shouted, but I couldn't make out his heckling over the blast of the radio, now pumping Kanye West. The semi loomed in the mirror, bearing down on my immobilized Jeep.

I followed Miller's advice: I didn't scare. I did, however, drop any semblance of bravery, grab my iPhone with a clammy knuckle, and beg the hackers to make it stop.

Wireless Carjackers

This wasn't the very first time Miller and Valasek had put me behind the wheel of a compromised car. In the summer of 2013, I drove a Ford Escape and a Toyota Prius around a South Arch, Indiana, parking lot while they sat in the backseat with their laptops, cackling as they disabled my brakes, honked the horn, jerked the seat belt, and commandeered the steering wheel . “When you lose faith that a car will do what you tell it to do,” Miller observed at the time, “it indeed switches your entire view of how the thing works.” Back then, however, their hacks had a comforting limitation: The attacker's PC had been wired into the vehicles' onboard diagnostic port, a feature that normally gives repair technicians access to information about the car's electronically managed systems.

Miller and Valasek’s total arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep's brakes, leaving me frantically pumping the pedal as the 2-ton SUV slipped furiously into a ditch. The researchers say they're working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in switch sides. Their hack enables surveillance too: They can track a targeted Jeep's GPS coordinates, measure its speed, and even drop pins on a map to trace its route.

From that entry point, Miller and Valasek's attack pivots to an adjacent chip in the car's head unit—the hardware for its entertainment system—silently rewriting the chip's firmware to plant their code. That rewritten firmware is capable of sending directives through the car's internal computer network, known as a CAN bus, to its physical components like the engine and wheels. Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. They've only tested their total set of physical hacks, including ones targeting transmission and braking systems, on a Jeep Cherokee, however they believe that most of their attacks could be tweaked to work on any Chrysler vehicle with the vulnerable Uconnect head unit. They have yet to attempt remotely hacking into other makes and models of cars.

If consumers don't realize this is an issue, they should, and they should commence complaining to carmakers. This might be the kind of software bug most likely to kill someone.

Chrysler stated in a response to questions from WIRED that it “appreciates” Miller and Valasek’s work. But the company also seemed leery of their decision to publish part of their exploit. “Under no circumstances does FCA condone or believe it’s suitable to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to build up unauthorized and unlawful access to vehicle systems,” the company’s statement reads. “We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities. However, we caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.”

Miller and Valasek represent the 2nd act in a good-cop/bad-cop routine. Carmakers who failed to heed polite warnings in two thousand eleven now face the possibility of a public dump of their vehicles' security flaws. The result could be product recalls or even civil suits, says UCSD computer science professor Stefan Savage, who worked on the two thousand eleven investigate. “Imagine going up against a class-action lawyer after Anonymous determines it would be joy to brick all the Jeep Cherokees in California,” Savage says. Two

471,000 Hackable Automobiles

Sitting on a leather couch in Miller's living room as a summer storm thunders outside, the two researchers scan the Internet for victims.

A set of GPS coordinates, along with a vehicle identification number, make, model, and IP address, shows up on the laptop screen. It’s a Dodge Ram. Miller corks its GPS coordinates into Google Maps to expose that it’s cruising down a highway in Texarkana, Texas. He keeps scanning, and the next vehicle to emerge on his screen is a Jeep Cherokee driving around a highway cloverleaf inbetween San Diego and Anaheim, California. Then he locates a Dodge Durango, moving along a rural road somewhere in the Upper Peninsula of Michigan. When I ask him to keep scanning, he hesitates. Observing the actual, mapped locations of these unwitting strangers' vehicles—and knowing that each one is vulnerable to their remote attack—unsettles him.

When Miller and Valasek very first found the Uconnect flaw, they thought it might only enable attacks over a direct Wi-Fi link, limiting its range to a few dozen yards. When they discovered the Uconnect's cellular vulnerability earlier this summer, they still thought it might work only on vehicles on the same cell tower as their scanning phone, restricting the range of the attack to a few dozen miles. But they quickly found even that wasn't the limit. “When I witnessed we could do it anywhere, over the Internet, I freaked out,” Valasek says. “I was frightened. It was like, holy fuck, that's a vehicle on a highway in the middle of the country. Car hacking got real, right then.”

That moment was the culmination of almost three years of work. In the fall of 2012, Miller, a security researcher for Twitter and a former NSA hacker, and Valasek, the director of vehicle security research at the consultancy IOActive, were inspired by the UCSD and University of Washington explore to apply for a car-hacking research grant from Darpa. With the resulting $80,000, they bought a Toyota Prius and a Ford Escape. They spent the next year tearing the vehicles apart digitally and physically, mapping out their electronic control units, or ECUs—the computers that run practically every component of a modern car—and learning to speak the CAN network protocol that controls them.

When they demonstrated a wired-in attack on those vehicles at the DefCon hacker conference in 2013, however, Toyota, Ford, and others in the automotive industry downplayed the significance of their work, pointing out that the hack had required physical access to the vehicles. Toyota, in particular, argued that its systems were “sturdy and secure” against wireless attacks . “We didn't have the influence with the manufacturers that we desired,” Miller says. To get their attention, they'd need to find a way to hack a vehicle remotely.

So the next year, they signed up for mechanic’s accounts on the websites of every major automaker and downloaded dozens of vehicles' technical manuals and wiring diagrams. Using those specs, they rated twenty four cars, SUVs, and trucks on three factors they thought might determine their vulnerability to hackers : How many and what types of radios connected the vehicle's systems to the Internet; whether the Internet-connected computers were decently isolated from critical driving systems, and whether those critical systems had “cyberphysical” components—whether digital instructions could trigger physical deeds like turning the wheel or activating brakes.

Based on that explore, they rated Jeep Cherokee the most hackable model. Cadillac's Escalade and Infiniti's Q50 didn't fare much better; Miller and Valasek ranked them second- and third-most vulnerable. When WIRED told Infiniti that at least one of Miller and Valasek’s warnings had been borne out, the company responded in a statement that its engineers “look forward to the findings of this [fresh] study” and will “continue to integrate security features into our vehicles to protect against cyberattacks.” Cadillac emphasized in a written statement that the company has released a fresh Escalade since Miller and Valasek’s last probe, but that cybersecurity is “an emerging area in which we are dedicating more resources and contraptions,” including the latest hire of a chief product cybersecurity officer.

After Miller and Valasek determined to concentrate on the Jeep Cherokee in 2014, it took them another year of hunting for hackable bugs and reverse-engineering to prove their educated guess. It wasn't until June that Valasek issued a instruction from his laptop in Pittsburgh and turned on the windshield wipers of the Jeep in Miller's St. Louis driveway.

“For all the critics in two thousand thirteen who said our work didn’t count because we were plugged into the dashboard,” Valasek says, “well, now what?”

Congress Takes on Car Hacking

Now the auto industry needs to do the unglamorous, ongoing work of actually protecting cars from hackers. And Washington may be about to force the issue.

Later today, senators Markey and Blumenthal intend to expose fresh legislation designed to tighten cars’ protections against hackers. The bill (which a Markey spokesperson insists wasn’t timed to this story) will call on the National Highway Traffic Safety Administration and the Federal Trade Commission to set fresh security standards and create a privacy and security rating system for consumers. “Controlled demonstrations demonstrate how panicking it would be to have a hacker take over controls of a car,” Markey wrote in a statement to WIRED. “Drivers shouldn’t have to choose inbetween being connected and being protected. We need clear rules of the road that protect cars from hackers and American families from data trackers.”

Markey has keenly followed Miller and Valasek’s research for years. Citing their two thousand thirteen Darpa-funded research and hacking demo, he sent a letter to twenty automakers , asking them to reaction a series of questions about their security practices. The answers, released in February , demonstrate what Markey describes as “a clear lack of adequate security measures to protect drivers against hackers who may be able to take control of a vehicle.” Of the sixteen automakers who responded, all confirmed that virtually every vehicle they sell has some sort of wireless connection, including Bluetooth, Wi-Fi, cellular service, and radios. (Markey didn't expose the automakers' individual responses.) Only seven of the companies said they hired independent security firms to test their vehicles' digital security. Only two said their vehicles had monitoring systems that checked their CAN networks for malicious digital directives.

But Corman cautions that the same automakers have been more focused on contesting with each other to install fresh Internet-connected cellular services for entertainment, navigation, and safety. (Payments for those services also provide a nice monthly revenue stream.) The result is that the companies have an incentive to add Internet-enabled features—but not to secure them from digital attacks. “They're getting worse quicker than they're getting better,” he says. “If it takes a year to introduce a fresh hackable feature, then it takes them four to five years to protect it.”

Hackers Remotely Kill a Jeep on the Highway—With Me in It, WIRED

Hackers Remotely Kill a Jeep on the Highway–With Me in It

I was driving seventy mph on the edge of downtown St. Louis when the exploit began to take hold.

The Jeep’s strange behavior wasn’t entirely unexpected. I'd come to St. Louis to be Miller and Valasek's digital crash-test dummy, a willing subject on whom they could test the car-hacking research they'd been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker's nightmare: software that lets hackers send guidelines through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.

To better simulate the practice of driving a vehicle while it's being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller's laptop in his house ten miles west. Instead, they merely assured me that they wouldn't do anything life-threatening. Then they told me to drive the Jeep onto the highway. “Recall, Andy,” Miller had said through my iPhone's speaker just before I pulled onto the Interstate sixty four on-ramp, “no matter what happens, don't scare.” 1

As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That's when they cut the transmission.

“You're fated!” Valasek shouted, but I couldn't make out his heckling over the blast of the radio, now pumping Kanye West. The semi loomed in the mirror, bearing down on my immobilized Jeep.

I followed Miller's advice: I didn't fright. I did, however, drop any semblance of bravery, grab my iPhone with a clammy knuckle, and beg the hackers to make it stop.

Wireless Carjackers

Miller and Valasek’s total arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep's brakes, leaving me frantically pumping the pedal as the 2-ton SUV glided madly into a ditch. The researchers say they're working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in switch sides. Their hack enables surveillance too: They can track a targeted Jeep's GPS coordinates, measure its speed, and even drop pins on a map to trace its route.

From that entry point, Miller and Valasek's attack pivots to an adjacent chip in the car's head unit—the hardware for its entertainment system—silently rewriting the chip's firmware to plant their code. That rewritten firmware is capable of sending guidelines through the car's internal computer network, known as a CAN bus, to its physical components like the engine and wheels. Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. They've only tested their total set of physical hacks, including ones targeting transmission and braking systems, on a Jeep Cherokee, however they believe that most of their attacks could be tweaked to work on any Chrysler vehicle with the vulnerable Uconnect head unit. They have yet to attempt remotely hacking into other makes and models of cars.

If consumers don't realize this is an issue, they should, and they should begin complaining to carmakers. This might be the kind of software bug most likely to kill someone.

The two researchers say that even if their code makes it lighter for malicious hackers to attack unpatched Jeeps, the release is nonetheless warranted because it permits their work to be proven through peer review. It also sends a message: Automakers need to be held accountable for their vehicles' digital security. “If consumers don't realize this is an issue, they should, and they should commence complaining to carmakers,” Miller says. “This might be the kind of software bug most likely to kill someone.”

Miller and Valasek represent the 2nd act in a good-cop/bad-cop routine. Carmakers who failed to heed polite warnings in two thousand eleven now face the possibility of a public dump of their vehicles' security flaws. The result could be product recalls or even civil suits, says UCSD computer science professor Stefan Savage, who worked on the two thousand eleven investigate. “Imagine going up against a class-action lawyer after Anonymous determines it would be joy to brick all the Jeep Cherokees in California,” Savage says. Two

471,000 Hackable Automobiles

Sitting on a leather couch in Miller's living room as a summer storm thunders outside, the two researchers scan the Internet for victims.

A set of GPS coordinates, along with a vehicle identification number, make, model, and IP address, emerges on the laptop screen. It’s a Dodge Ram. Miller buttplugs its GPS coordinates into Google Maps to expose that it’s cruising down a highway in Texarkana, Texas. He keeps scanning, and the next vehicle to show up on his screen is a Jeep Cherokee driving around a highway cloverleaf inbetween San Diego and Anaheim, California. Then he locates a Dodge Durango, moving along a rural road somewhere in the Upper Peninsula of Michigan. When I ask him to keep scanning, he hesitates. Observing the actual, mapped locations of these unwitting strangers' vehicles—and knowing that each one is vulnerable to their remote attack—unsettles him.

When Miller and Valasek very first found the Uconnect flaw, they thought it might only enable attacks over a direct Wi-Fi link, limiting its range to a few dozen yards. When they discovered the Uconnect's cellular vulnerability earlier this summer, they still thought it might work only on vehicles on the same cell tower as their scanning phone, restricting the range of the attack to a few dozen miles. But they quickly found even that wasn't the limit. “When I eyed we could do it anywhere, over the Internet, I freaked out,” Valasek says. “I was frightened. It was like, holy fuck, that's a vehicle on a highway in the middle of the country. Car hacking got real, right then.”

That moment was the culmination of almost three years of work. In the fall of 2012, Miller, a security researcher for Twitter and a former NSA hacker, and Valasek, the director of vehicle security research at the consultancy IOActive, were inspired by the UCSD and University of Washington investigate to apply for a car-hacking research grant from Darpa. With the resulting $80,000, they bought a Toyota Prius and a Ford Escape. They spent the next year tearing the vehicles apart digitally and physically, mapping out their electronic control units, or ECUs—the computers that run practically every component of a modern car—and learning to speak the CAN network protocol that controls them.

When they demonstrated a wired-in attack on those vehicles at the DefCon hacker conference in 2013, however, Toyota, Ford, and others in the automotive industry downplayed the significance of their work, pointing out that the hack had required physical access to the vehicles. Toyota, in particular, argued that its systems were “sturdy and secure” against wireless attacks . “We didn't have the influence with the manufacturers that we desired,” Miller says. To get their attention, they'd need to find a way to hack a vehicle remotely.

Based on that explore, they rated Jeep Cherokee the most hackable model. Cadillac's Escalade and Infiniti's Q50 didn't fare much better; Miller and Valasek ranked them second- and third-most vulnerable. When WIRED told Infiniti that at least one of Miller and Valasek’s warnings had been borne out, the company responded in a statement that its engineers “look forward to the findings of this [fresh] study” and will “continue to integrate security features into our vehicles to protect against cyberattacks.” Cadillac emphasized in a written statement that the company has released a fresh Escalade since Miller and Valasek’s last explore, but that cybersecurity is “an emerging area in which we are dedicating more resources and contraptions,” including the latest hire of a chief product cybersecurity officer.

After Miller and Valasek determined to concentrate on the Jeep Cherokee in 2014, it took them another year of hunting for hackable bugs and reverse-engineering to prove their educated guess. It wasn't until June that Valasek issued a guideline from his laptop in Pittsburgh and turned on the windshield wipers of the Jeep in Miller's St. Louis driveway.

“For all the critics in two thousand thirteen who said our work didn’t count because we were plugged into the dashboard,” Valasek says, “well, now what?”

Congress Takes on Car Hacking

Now the auto industry needs to do the unglamorous, ongoing work of actually protecting cars from hackers. And Washington may be about to force the issue.

Later today, senators Markey and Blumenthal intend to expose fresh legislation designed to tighten cars’ protections against hackers. The bill (which a Markey spokesperson insists wasn’t timed to this story) will call on the National Highway Traffic Safety Administration and the Federal Trade Commission to set fresh security standards and create a privacy and security rating system for consumers. “Controlled demonstrations showcase how panicking it would be to have a hacker take over controls of a car,” Markey wrote in a statement to WIRED. “Drivers shouldn’t have to choose inbetween being connected and being protected. We need clear rules of the road that protect cars from hackers and American families from data trackers.”

Markey has keenly followed Miller and Valasek’s research for years. Citing their two thousand thirteen Darpa-funded research and hacking demo, he sent a letter to twenty automakers , asking them to reaction a series of questions about their security practices. The answers, released in February , showcase what Markey describes as “a clear lack of suitable security measures to protect drivers against hackers who may be able to take control of a vehicle.” Of the sixteen automakers who responded, all confirmed that virtually every vehicle they sell has some sort of wireless connection, including Bluetooth, Wi-Fi, cellular service, and radios. (Markey didn't expose the automakers' individual responses.) Only seven of the companies said they hired independent security firms to test their vehicles' digital security. Only two said their vehicles had monitoring systems that checked their CAN networks for malicious digital directives.

But Corman cautions that the same automakers have been more focused on challenging with each other to install fresh Internet-connected cellular services for entertainment, navigation, and safety. (Payments for those services also provide a nice monthly revenue stream.) The result is that the companies have an incentive to add Internet-enabled features—but not to secure them from digital attacks. “They're getting worse swifter than they're getting better,” he says. “If it takes a year to introduce a fresh hackable feature, then it takes them four to five years to protect it.”

Related movie:

admin_en | [email protected]

used car prices

Dec
2017

Zipcar Introduces Car Sharing Program in Collingswood, NJ – Alaska Dispatch News

admin_en

Zipcar Introduces Car Sharing Program in Collingswood, NJ CAMBRIDGE, Mass. , Sept. 29, two thousand eleven /PRNewswire/ — Zipcar, Inc. (Nasdaq: ZIP), the world’s leading car sharing network, and the Borough of Collingswood , today announced Zipcar’s expansion into Collingswood, Fresh Jersey , located just ten minutes outside of Philadelphia .

keep reading

used car prices

Dec
2017

Women claim rental car company won’t pay for valuables lost when van caught fire, WSB-TV

admin_en

WSB Atlanta SIGN IN Sign in using your wsbtv profile Sign in using you account with: Sign Up / Sign In Welcome Back Sign Up / Sign In Welcome back. Please sign in You’re Almost Done! Please confirm the information below before signing in. REGISTER By submitting your registration information, you agree to our Terms […]

keep reading

used car prices

Dec
2017

Woman stabbed in Huntington – WBOY – Clarksburg, Morgantown: News, Sports, Weather

admin_en

Woman stabbed in Huntington – WBOY – Clarksburg, Morgantown: News, Sports, Weather UPDATE: According to police, the woman received a petite cut on her arm from a box cutter. They tell us they’re receiving conflicting stories. No charges will be filed and no arrests will be made. ORIGINAL: According to Cabell County Dispatchers, a woman […]

keep reading

Hackers Remotely Kill a Jeep on the Highway—With Me in It, WIRED

Hackers Remotely Kill a Jeep on the Highway—With Me in It, WIRED

Hackers Remotely Kill a Jeep on the Highway–With Me in It

Hackers Remotely Kill a Jeep on the Highway–With Me in It

Wireless Carjackers

471,000 Hackable Automobiles

Congress Takes on Car Hacking

Hackers Remotely Kill a Jeep on the Highway–With Me in It

Hackers Remotely Kill a Jeep on the Highway–With Me in It

Wireless Carjackers

471,000 Hackable Automobiles

Congress Takes on Car Hacking

Hackers Remotely Kill a Jeep on the Highway–With Me in It

Hackers Remotely Kill a Jeep on the Highway–With Me in It

Wireless Carjackers

471,000 Hackable Automobiles

Congress Takes on Car Hacking

Hackers Remotely Kill a Jeep on the Highway–With Me in It

Hackers Remotely Kill a Jeep on the Highway–With Me in It

Wireless Carjackers

471,000 Hackable Automobiles

Congress Takes on Car Hacking

Hackers Remotely Kill a Jeep on the Highway–With Me in It

Hackers Remotely Kill a Jeep on the Highway–With Me in It

Wireless Carjackers

471,000 Hackable Automobiles

Congress Takes on Car Hacking

Hackers Remotely Kill a Jeep on the Highway–With Me in It

Hackers Remotely Kill a Jeep on the Highway–With Me in It

Wireless Carjackers

471,000 Hackable Automobiles

Congress Takes on Car Hacking

Hackers Remotely Kill a Jeep on the Highway–With Me in It

Hackers Remotely Kill a Jeep on the Highway–With Me in It

Wireless Carjackers

471,000 Hackable Automobiles

Congress Takes on Car Hacking

Hackers Remotely Kill a Jeep on the Highway–With Me in It

Hackers Remotely Kill a Jeep on the Highway–With Me in It

Wireless Carjackers

471,000 Hackable Automobiles

Congress Takes on Car Hacking

Related movie:

Tags:

Related Posts

Leave a Reply Cancel reply