Hackers Wirelessly Kill Engine of a Moving Car

Would you want to drive a vehicle where hackers can use a remote interface to the entertainment system to change your radio station, or switch off the air conditioning, or disable the brakes, or take control of the steering, or stop the engine when you are driving at 70mph? In this incredible video, two hackers prove they can do all that to a Jeep Cherokee.

The hackers are Charlie Miller and Chris Valasek, and they want money and resources so they can see if they can find similar weaknesses in the interfaces of other cars. They deserve support and encouragement. Meanwhile car manufacturers need to raise their game, and put as much investment into researching and preventing hacking as they put into crash simulation and anti-theft devices. If not, the consequences could be devastating.

Thankfully, car manufacturer Fiat Chrysler has now recalled 1.4 million cars in order to update the uConnect system that was hacked by Miller and Valasek. Nevertheless, Miller made an excellent point when issuing this tweet soon after.

Fiat Chrysler tried to hide behind the skirts of the law whilst explaining the need for a recall, saying that hacking cars is a ‘criminal action’. That may be so, but I want any car I drive to be unhackable. I do not want to drive a car where the deterrent to any hacker who wants to kill me is that they risk punishment for hacking in addition to the punishment for my murder. Furthermore, I want guys like Miller and Valasek to be encouraged to find security and safety weaknesses that big businesses have failed to address. They should be rewarded for their efforts, not treated like criminals.

We should all treat this as a wake-up call. Our industry is far too relaxed about security surrounding the Internet of Things. Customers may enjoy having a stereo music system which can connect to the internet, but nobody would risk their life for it. Software development models usually involve a ‘reasonable’ amount of testing that leaves some bugs and flaws to be captured only after the product has been sold to a mass market. When applied to the Internet of Things, that approach is inadequate, and the consequences of failure may be far greater than corrupted data or compromised privacy.

You can learn more about Miller and Valasek, and how they hacked the Jeep Cherokee from this article at Wired.

Eric Priezkalns
Eric Priezkalns
Eric is a recognized expert on communications risk and assurance. He was Director of Risk Management for Qatar Telecom and has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and others.   Eric was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He was a founding member of Qatar's National Committee for Internet Safety and the first leader of the TM Forum's Enterprise Risk Management team. Eric currently sits on the committee of the Risk & Assurance Group, and is an editorial advisor to Black Swan. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.   Commsrisk is edited by Eric. Look here for more about Eric's history as editor.