Hackers Wirelessly Kill Engine of a Moving Car

Would you want to drive a vehicle where hackers can use a remote interface to the entertainment system to change your radio station, or switch off the air conditioning, or disable the brakes, or take control of the steering, or stop the engine when you are driving at 70mph? In this incredible video, two hackers prove they can do all that to a Jeep Cherokee.

The hackers are Charlie Miller and Chris Valasek, and they want money and resources so they can see if they can find similar weaknesses in the interfaces of other cars. They deserve support and encouragement. Meanwhile car manufacturers need to raise their game, and put as much investment into researching and preventing hacking as they put into crash simulation and anti-theft devices. If not, the consequences could be devastating.

Thankfully, car manufacturer Fiat Chrysler has now recalled 1.4 million cars in order to update the uConnect system that was hacked by Miller and Valasek. Nevertheless, Miller made an excellent point when issuing this tweet soon after.

Fiat Chrysler tried to hide behind the skirts of the law whilst explaining the need for a recall, saying that hacking cars is a ‘criminal action’. That may be so, but I want any car I drive to be unhackable. I do not want to drive a car where the deterrent to any hacker who wants to kill me is that they risk punishment for hacking in addition to the punishment for my murder. Furthermore, I want guys like Miller and Valasek to be encouraged to find security and safety weaknesses that big businesses have failed to address. They should be rewarded for their efforts, not treated like criminals.

We should all treat this as a wake-up call. Our industry is far too relaxed about security surrounding the Internet of Things. Customers may enjoy having a stereo music system which can connect to the internet, but nobody would risk their life for it. Software development models usually involve a ‘reasonable’ amount of testing that leaves some bugs and flaws to be captured only after the product has been sold to a mass market. When applied to the Internet of Things, that approach is inadequate, and the consequences of failure may be far greater than corrupted data or compromised privacy.

You can learn more about Miller and Valasek, and how they hacked the Jeep Cherokee from this article at Wired.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.