car hackers say they've hijacked jeep brakes - car electronics system
LAS VEGAS —
A year ago, hackers hijacked a Jeep on the internet and they did it again --with a twist.
In 2015, car cyber security researchers Charlie Miller and Chris varasker showed how cars can park remotely and disable brakes when they are less than 5 miles per hour.
This year, they released a new loophole: in the car, plug in the car's electronic system, hijack its steering and braking system, while driving at a faster speed.
While they know what they're doing is difficult, time-
They insist that by releasing the news now, the car company can solve the problem ahead of time and build a safer system.
"It makes it harder for us to do this.
Any technical system can be exploited by attackers, "said Miller, who spoke to Valasek on Thursday at the big computer security conference Black Hat in Las Vegas.
The couple led a group of viewers to see how they cracked the code for 2014 Jeep Cherokee, discovered its holes, and then was able to start the brakes, when the car is traveling at 30 miles an hour, take over the steering wheel and set the parking brake.
During the test, they managed to drive the car into a ditch in a corn field near their home.
"A nice local dragged us out for $10," Miller said . ".
New hackers listen to the information they send by deceiving the car's electronic system, rather than the information sent by various computers on the car.
Previously, they found that if a car received information from them and from itself, it caused a conflict and shut down the entire system.
Both of them work at Uber's Advanced Technology Center in Pittsburgh, Pennsylvania, USA.
But their car hacking research is not part of their daily work.
"It's all night and weekend," Valasek said . ".
"We need to find another hobby.
Chrysler: this is the old software of fiat Chrysler, which they hacked, said in a statement to USA Today: "while it seems that our researchers have not found any new remote way to damage 2014 Jeep Cherokee or other fca us vehicles.
"It also said that the model vehicle has updated its safety measures --
As part of a voluntary security recall, the enhanced software appears to have been modified back to the old software level of the demo.
"If the vehicle software is still at the latest level, this utilization is unlikely to be implemented via a USB port," the statement wrote . ".
Fiat Chrysler last year launched a "bug bounty" project, which is where cyber security researchers disclose loopholes rather than publicly displaying them.
The actions of automakers in strengthening safety are crucial.
Mike Belton, vice president of Applied Research at Optiv, said that soon all cars will become "sensing and entertainment platforms on wheels with engines ".
"I think automakers certainly understand that if they don't do it, they will face regulatory and insurance pressures and consumer adoption issues," Benton said . ".
Any actual hacking would be a business.
"End the incident," he said.
In fact, KPMG's research released this month found that 8 out of 10 consumers were very worried about the problem, which would affect their purchase decisions if they knew that a certain brand was at risk of being hacked.
Change is coming.
The problem is that the car company was not smooth at first.
The new car is designed based on the old model, and there are all problems with any legacy system.
"Adding security throughout the process is a huge effort and a considerable cost factor," Timo van roer, senior automotive safety architect at NXP, a Dutch company that provides chips for the automotive industry
However, manufacturers are starting to embrace safety.
Many advanced models are adding gateways so that they can no longer speak independently to each network in the car.
According to what he sees NXPcustomers doing, he believes that by 2020 all new cars will have this feature.
The problem is that it will take about 5 years to design a new car, and then its life will exceed 15 years.
So Van rotmund said, "The challenge is to keep it safe from hackers who might work in 20 years.
The swan song of this car
Miller and varasker said it was their last attempt.
In fact, it is impossible to know if the potential threats they have discovered have been fixed for several years, Miller said, because the launch cycle of the new car is about four years.
"I would be very disappointed if we could not see the change in five years.
"This is something that really needs to be there," he said . ".