Hackers can compromise many things, such as your bank account, credit card, email account and your identity. In a surprising experiment, Wired editors Charlie Miller and Chris Valasek also revealed that hackers have the ability to compromise something less suspecting and potentially far more dangerous: your car.
The editors' conducted an experiment utilizing a "digital crash-test dummy," who was driving the car at 70 mph in downtown St. Louis. The Wired editors remotely hacked into the car, causing the vehicle to blast cold air at a maximum setting, switch the radio to a hip-hop channel and pump up the volume. The hackers were also able to turn the windshield wipers on, squirt wiper fluid and then, in a terrifying move, abruptly cut the transmission.
This experiment confirmed a vulnerability that allows hackers to remotely take over a Jeep. Using a sophisticated hacking technique, the vulnerability can be taken advantage of to remotely control thousands of vehicles via the Internet.
"Their code is an automaker's nightmare: software that lets hackers send commands through a Jeep's entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country," Wired's Andy Greenberg, the experiment's willing digital crash-test dummy, wrote in an article.
This hacking technique also enables surveillance, allowing cyber criminals to remotely track a Jeep's GPS coordinates, measure its speed and trace its route on a map—which is certainly very creepy and in the worst scenario, can be life-threatening.
Today, more automakers are focusing on offering high-tech cars with smartphone-like capabilities, and some, like Chrysler, are turning to Uconnect, an Internet-connected computer feature that controls the vehicle's entertainment and navigation, enables phone calls, and is even capable of offering a Wi-Fi hot spot. It's currently used in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks. However, this system also has a flaw that can make the cars particularly vulnerable to hackers. Miller and Vasalak won't identify any of the specifics and have been working with Chrysler to develop a patch for this vulnerability.
The Wired article explains: "Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. They've only tested their full set of physical hacks, including ones targeting transmission and braking systems, on a Jeep Cherokee, though they believe that most of their attacks could be tweaked to work on any Chrysler vehicle with the vulnerable Uconnect head unit."
Owners of vehicles with the Uconnect feature were notified on July 16 about the new patch in a post on Chrysler's website.
"Unfortunately, Chrysler's patch must be manually implemented via a USB stick or by a dealership mechanic. That means many—if not most—of the vulnerable Jeeps will likely stay vulnerable," Greenberg explains in his article.
On Sunday, federal regulators announced that Fiat Chrysler will pay a record $105 million for mishandling 23 recalls.