Remember the Jeep hackers? Continuing on their work from last year, Charlie Miller and Chris Valasek have found a new exploit for the SUV, allowing them to take over the vehicle even while it is moving at high speeds.
Last year, Miller and Valasek discovered a vulnerability in the Jeep’s Uconnect infotainment system, allowing them to tap into the IP address of the SUV and remotely access the vehicle’s controls. Through the exploit, the hackers were able to blast cold air through the Jeep’s vents, play hip-hop music through its speakers and then disable the SUV to leave it stranded on the side of a highway.
The hack unveiled last year, however, can only be carried out while the Jeep is moving slower than 5 miles per hour. The new exploit that the hackers presented at the Black Hat hacker conference, which focuses on the same 2014 Jeep Cherokee that was the subject of their hack in the previous year, can allow them to gain control of the SUV even while it is moving at speeds of as high as 30 miles per hour.
To carry out the hack, Miller and Valasek had to do some reverse engineering, as the safety systems of the Jeep blocked attempts for remote access at speeds of over 5 miles per hour. They discovered a way to send false messages to the Jeep’s internal networks that replaced the correct ones by plugging in to the Jeep’s USB port, allowing them to order the SUV to perform more actions compared with last year’s exploit. Among the things that the hackers did were remotely controlling the Jeep to make a sharp turn and increasing its speed.
Miller and Valasek made it clear that the hack they demonstrated was time-consuming and difficult, and it was not going to be widely possible over the coming years. The hackers, however, insisted that by revealing the vulnerability now, automobile manufacturers could be alerted to the issue and could create systems that will be much safer.
“Let’s make this harder to do. Any technology system can be leveraged by attackers,” Miller said.
However, in a statement, Fiat Chrysler, the manufacturer of the Jeep Cherokee, said that while the company admires the creativity of Miller and Valasek, the SUV that the hackers used appeared to have had its software altered into an older version.
The company believes that the exploit would not have been possible to carry out if the software of the vehicle was upgraded to the newest version.
After Miller and Valasek revealed the hack that they discovered last year, Fiat Chrysler promptly recalled 1.4 million vehicles to carry out a software update to prevent such attacks.