Hackers Remotely Take Over Car Travelling At 70 MPH

Hackers control car
Hackers were able to remotely take control of a car travelling at 70 mph and cut the engine. Picture taken February 27. Fabrizio Bensch/Reuters

Hackers have demonstrated how vulnerable modern cars are to remote cyber attacks by cutting a Jeep's engine while it was travelling at 70 mph.

Fiat Chrysler, the parent company of Jeep, recently issued a security update for their Uconnect in-car technology and are urging drivers to update their software after hackers exploited a security hole to remotely control the car's driving systems, including its accelerator and brakes.

The hack, reported by Wired, was carried out by security researchers Charlie Miller and Chris Valasek. The hackers informed Fiat Chrysler of the risk nine months ago and the company released the update on 16 July.

Uconnect is a wireless-enabled system that allows drivers to pair their mobile devices with the vehicle. It has been installed in hundreds of thousands of cars manufactured by the Fiat Chrysler Automobiles (FCA) group since late 2013, according to Wired.

Miller and Valasek demonstrated how, from a remote location 10 miles away, they were able to use the system to take control of a Jeep Cherokee's fans, radio and windscreen wipers, before cutting the engine completely and leaving the vehicle to slow to a crawl on a busy highway.

The revelation comes after a February report by Massachusetts senator Edward Markey, which investigated 50 top car manufacturers to assess their vulnerability to hacking. Markey found that almost all modern cars include wireless technologies, potentially providing inroads to hackers, and that the protection afforded to such technologies was "alarmingly inconsistent and incomplete."

According to Caroline Baylon, a cyber security expert at U.K. think tank Chatham House, hackers could take control of vehicle technology systems for a variety of malicious purposes.

"A vehicle could be hacked in order to cause an accident, as a way to kill someone. It could also be hacked in order to steal data. Since many of the newest cars record data on everywhere you have been, this is very scary from a privacy point of view," says Baylon.

In a statement about the hack released on Wednesday, FCA said: "To FCA's knowledge, there has not been a single real-world incident of an unlawful or unauthorised remote hack into any FCA vehicle." The company added that they would be contacting potentially affected customers to arrange a software update, which could be installed by the drivers themselves or by FCA engineers free of charge.

When the security patch was released on 16 July, FCA explained that vehicle software required updating periodically in a similar manner "to a smartphone or tablet" in order to "reduce the potential risk of unauthorised and unlawful access to the vehicle systems."

Electric vehicles are also vulnerable to cyberattacks, even without wireless tech installed. A report presented at a Singaporean security conference last year claimed that a $100,000 Tesla Model S car could be hacked by unlocking a simple six-figure password.

Fortune reported that almost 300,000 electric cars were sold worldwide last year.

Separately, the BBC also reported Wednesday that a leading British security company has demonstrated how vehicle entertainment systems can be hacked using a laptop and off-the-shelf components. Once hackers have control of the systems, they can use it as a stepping stone to commandeering the car's critical systems, including steering and braking.

Baylon says that the development of new technologies, including driverless cars, means that the automotive industry will have to ramp up its security procedures to protect drivers from targeted cyberattacks.

"It is interesting to think about what this might mean for driverless cars. Presumably, these will be even more electronic and thus even more vulnerable to hacking," says Baylon. "I think there is still a lot of complacency in the industry, a feeling that hacking of cars is a futuristic scenario rather than something that can, will, and already has occurred."