It’s probably a motorist’s greatest fear – driving down a highway only to suddenly lose control of the car. Seven years ago, that’s exactly what happened to Andy Greenberg in a Jeep Cherokee. The only thing was that it wasn’t unexpected – it was planned. Two white hat hackers remotely accessed the Jeep Cherokee and put it through a range of mini-tests to see just what they could get it to do from afar. The fact that it was intended didn’t stop it from being a wholly terrifying experience. It also pointed out some of the greatest security flaws in modern vehicles. So what exactly happened on that day, and is SUV security better than it was in 2015?
A 2015 Jeep Cherokee was remotely hacked, with terrifying results
In 2015, two hackers remotely accessed a Jeep Cherokee. Inside the Jeep Cherokee was Andy Greenberg, a writer with Wired magazine. The hackers, Charlie Miller and Chris Valasek, were able to get the Jeep Cherokee to do a whole bunch of things that Greenberg had no control over. Some of these things were pretty dangerous, and also point out just how vulnerable the SUVs, cars, and trucks we drive can be to an attack.
Some of the unintended events during the hacking included drastic air conditioner changes, the radio station and volume being changed remotely, and the windshield wipers coming on, complete with windshield wiper fluid.
Even worse, Miller and Valasek eventually messed with the Jeep Cherokee’s transmission, turning it off on the highway. This was followed by the Cherokee being unable to accelerate, a close call with a semi truck, and eventually end up on the side of the highway. This was a blow for SUV security.
The Jeep Cherokee was intentionally hacked
It may be surprising, but the Jeep Cherokee that Greenberg was driving was being hacked on purpose. The hackers, Miller and Valasek, had spent a year researching car hacking and needed someone to test out what they’d learned. They’d developed a code that could access Jeep Cherokees across the country with a laptop located anywhere.
Other things that the two hackers were able to accomplish while remotely attacking the Cherokee included “functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether.”
Is SUV security better today?
It’s been seven years since that Jeep Cherokee was famously hacked. Have things gotten better for automotive cybersecurity? The answer is, kind of. There are still a lot of risks involved in modern vehicles. This is thanks to the technology used for features like infotainment systems and also navigation systems. As our technology advances, the risks increase. It’s an ever-changing situation. That isn’t the only change. In addition, Miller and Valasek communicated with Jeep’s then-parent company Chrysler to patch the vulnerabilities that allowed the attack. Chrysler was less than enthused about the news. Still, it did attempt to issue a repair.
There is some legislature going through the proper channels. Some of these continue to work their way through. Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) are attempting to get the National Highway Traffic Safety Administration (NHTSA) to be forthcoming about automotive cybersecurity threats as well as proactive. The NHTSA has also issued a Cybersecurity Best Practices for the Safety of Modern Vehicles document which outlines preventative measures and risks to today’s connected cars.
The automotive world should continue to increase the security of modern SUVs and hopefully independent organizations like the NHTSA will hold them accountable until they do. After all, no one wants to be in an SUV that’s remotely hacked.