The famous team of security researchers that managed to hack a 2014 Jeep Cherokee managed to pull off new tricks.
Charlie Miller and Chris Valasek, the team of security researchers responsible for the feat that led to a massive recall for Fiat Chrysler Automobiles, have developed new schemes to hack into cars. The team focused on the same 2014 Jeep Cherokee that was used in last year’s hacking demonstration.
This time, the hack was not made wirelessly, so you must not run to the nearest cave in an attempt to get off the grid. Instead, the two researchers had to connect an OBD-II plug to the vehicle’s onboard diagnostics port, which they used to mess with the vehicle’s CAN bus connection.
While Fiat Chrysler Automobiles’ recall action that targeted 1.4 million vehicles has made them safe from wireless hacking, the tricks performed by the two safety researchers can be done without any interference with the multimedia unit.
Even though they admitted using a car that operated the pre-recall version of the UConnect infotainment system, the pair of researchers explained that the hack demonstrated has nothing to do with the multimedia unit, Wired notes.
Instead, using the CAN bus of a vehicle and sending it various commands and signals, the ECU’s security thresholds were overridden, and the team was able to gain full control over the steering, braking system, and the throttle.
The latter was only accessible with the aid of the cruise control system, which was exploited to raise the vehicle’s velocity by tens of miles per hour without any driver input.
The two researchers even crashed their car while performing tests and demonstrations, as one of the videos below shows. In the case of the said video, the steering is controlled by someone who is not at the wheel, and the car is made to turn suddenly by a large margin. The SUV then winds up in a ditch.
The team of safety researchers has asked all automakers to safeguard the OBD II port and the CAN bus of each vehicle with physical means, so that they would not be accessible to a hacker without placing a controller there and operating it remotely.
This time, the hack was not made wirelessly, so you must not run to the nearest cave in an attempt to get off the grid. Instead, the two researchers had to connect an OBD-II plug to the vehicle’s onboard diagnostics port, which they used to mess with the vehicle’s CAN bus connection.
While Fiat Chrysler Automobiles’ recall action that targeted 1.4 million vehicles has made them safe from wireless hacking, the tricks performed by the two safety researchers can be done without any interference with the multimedia unit.
Even though they admitted using a car that operated the pre-recall version of the UConnect infotainment system, the pair of researchers explained that the hack demonstrated has nothing to do with the multimedia unit, Wired notes.
Instead, using the CAN bus of a vehicle and sending it various commands and signals, the ECU’s security thresholds were overridden, and the team was able to gain full control over the steering, braking system, and the throttle.
The latter was only accessible with the aid of the cruise control system, which was exploited to raise the vehicle’s velocity by tens of miles per hour without any driver input.
The two researchers even crashed their car while performing tests and demonstrations, as one of the videos below shows. In the case of the said video, the steering is controlled by someone who is not at the wheel, and the car is made to turn suddenly by a large margin. The SUV then winds up in a ditch.
The team of safety researchers has asked all automakers to safeguard the OBD II port and the CAN bus of each vehicle with physical means, so that they would not be accessible to a hacker without placing a controller there and operating it remotely.