Car hackers: vehicle security flaws are 'likely to kill someone'
Hackers discover software flaws that could let people take control of vehicles via the web
Car hackers in the US have demonstrated their ability to take control of a vehicle, including its brakes, steering, engine, radio and air conditioning and said that they will publish a how-to guide on the internet next month.
The hackers, Charlie Miller and Chris Valasek, proved that they could take control of core functions of a Jeep Cherokee to Wired journalist Andy Greenberg.
In the test, the hackers disabled the journalist's accelerator as he drove along a highway, nearly causing an accident with an articulated lorry.
The hackers also demonstrated their ability to remotely control the car's entertainment system, blaring hip hop at full volume, and its climate control system, by blasting cold air into the cabin. They also cut the Jeep's brakes, causing the journalist to careen into a ditch.
Miller and Valasek's hacks on the Jeep were designed to show the flaws in Chrysler's Uconnect internet-connected computer feature, which is installed in hundreds of thousands of Fiat Chrysler cars, trucks and SUVs around the world.
"From an attacker's perspective, it's a super nice vulnerability," Miller says.
Miller and Valasek have been working with Chrysler for months to help the company improve its systems, but have now gone public with the hack and say that they will release part of the code at the Black Hat security conference in Las Vegas next month.
In a statement, Chrysler criticised the decision, saying: "We appreciate the contributions of cyber security advocates to augment the industry's understanding of potential vulnerabilities. However, we caution advocates that in the pursuit of improved public safety they [do] not, in fact, compromise public safety."
The hackers responded that their information release is warranted because it allows their techniques to be tested through peer review.
The publication also "sends a message", Wired says. "Automakers need to be held accountable for their vehicles' digital security."
Miller points out: "If consumers don't realise this is an issue, they should, and they should start complaining to carmakers. This might be the kind of software bug most likely to kill someone."
According to Wired, legislation designed to protect drivers and their passengers from hackers may well follow. US senators Ed Markey and Richard Blumenthal intend to introduce a security bill to set new digital security standards for both cars and trucks.