Two hackers hijacked the controls of a speeding Jeep Cherokee and cut the engine on a St. Louis highway — all from laptops miles away.
They later steered the SUV around an empty parking lot, disabling the brakes as the driver pumped the useless pedal and crashed head on into a ditch.
The terrifying stunt, conducted with the help of a reporter for Wired, revealed a potentially fatal flaw in the growing number of high-tech rides.
Hackers Charlie Miller and Chris Valasek claim nearly a half-million vehicles are vulnerable across the country and the numbers are growing.
“This is what everyone who thinks about car security has worried about for years,” Miller told Wired. “This is a reality.”
The virtual backseat drivers can slip in through a vehicle’s smartphone-friendly entertainment system and wreak havoc on other computer-controlled operations — basically everything in modern automobiles.
Miller and Valasek, both cybersecurity researchers, claim they’ve warned carmakers about the danger for years but no one took them seriously — so they decided to prove it.
The two sent Wired reporter Andy Greenberg on the road in a Jeep and launched a cyber attack as he hit speeds of 70 mph on a Missouri highway.
Most of the attacks were minor — playing rapper Skee-Lo at full volume, flipping on the windshield wipers — until they cut the transmission as a tractor trailer closed in from behind.
“As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl,” Greenberg wrote in his alarming report. “This occurred just as I reached a long overpass, with no shoulder to offer an escape.”
Jeeps are the most vulnerable, but hundreds of thousands of vehicles using similar online technology are at risk, the hackers said.
Miller and Valasek see their work as a public service. They’ve been sharing their findings with carmakers in hopes of goading them into security reforms before someone gets killed.
Unimpressed by the sluggish response, they plan to release their code at the Black Hat hackers convention in August so it can be peer-reviewed.
Sen. Ed Markey (D-Mass.) and Sen. Richard Blumenthal (D-Conn.) plan to introduce a bill that would address the problem with new security standards for automakers.
Cyber security experts say the St. Louis demonstration proves the industry needs to move fast.
“If consumers don’t realize this is an issue, they should, and they should start complaining to car companies,” Miller told Wired. “This might be the kind of software bug most likely to kill someone.”
Source: Daily News