Hackers Virtually Hijack Jeep Cherokee - Crash it from miles away - Defender Source
Defender Source  

Go Back   Defender Source > Non-Technical Discussions > Misc. Chit-Chat


Reply
 
Thread Tools
  #1  
Old July 21st, 2015, 05:47 PM
rijosho's Avatar
rijosho
Status: Offline
Joshua
1995 Black ST - Rhinolined edition
Research Assistant/Eagle Eyes
 
Join Date: Apr 2009
Location: NYC
Posts: 16,557
Registry
Hackers Virtually Hijack Jeep Cherokee - Crash it from miles away

Pretty crazy.

http://www.nydailynews.com/news/nati...icle-1.2299381

Watch the video here: Hackers Remotely Kill a Jeep on the Highway—With Me in It | WIRED

Two hackers hijacked the controls of a speeding Jeep Cherokee and cut the engine on a St. Louis highway all from laptops miles away.

They later steered the SUV around an empty parking lot, disabling the brakes as the driver pumped the useless pedal and crashed head-on into a ditch.

The terrifying stunt, conducted with the help of a reporter for Wired, revealed a potentially fatal flaw in the growing number of high-tech rides.

Hackers Charlie Miller and Chris Valasek claim nearly a half-million vehicles are vulnerable across the country and the numbers are growing.

This is what everyone who thinks about car security has worried about for years, Miller told Wired. This is a reality.

The virtual backseat drivers can slip in through a vehicles smartphone-friendly entertainment system and wreak havoc on other computer-controlled operations basically everything in modern automobiles.

Miller and Valasek, both cybersecurity researchers, claim theyve warned carmakers about the danger for years but no one took them seriously so they decided to prove it.

The two sent Wired reporter Andy Greenberg on the road in a Jeep and launched a cyber attack as he hit speeds of 70 mph on a Missouri highway.

Most of the attacks were minor playing rapper Skee-Lo at full volume, flipping on the windshield wipers until they cut the transmission as a tractor-trailer closed in from behind.

As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl, Greenberg wrote in his alarming report. This occurred just as I reached a long overpass, with no shoulder to offer an escape.

Jeeps are the most vulnerable, but hundreds of thousands of vehicles using similar online technology are at risk, the hackers said.

Miller and Valasek see their work as a public service. Theyve been sharing their findings with carmakers in hopes of goading them into security reforms before someone gets killed.

Unimpressed by the sluggish response, they plan to release their code at the Black Hat hackers convention in August so it can be peer-reviewed.

Sen. Ed Markey (D-Mass.) and Sen. Richard Blumenthal (D-Conn.) plan to introduce a bill that would address the problem with new security standards for automakers.

Cyber security experts say the St. Louis demonstration proves the industry needs to move fast.

If consumers dont realize this is an issue, they should, and they should start complaining to car companies, Miller told Wired. This might be the kind of software bug most likely to kill someone.
__________________
Quote:
I am talking purely from an aesthetics standpoint.
Reply With Quote
Sponsored Links
Advertisement
 
  #2  
Old July 21st, 2015, 05:50 PM
The Dro
Status: Offline
Dro
1988 Ninety
Member
 
Join Date: Jan 2010
Location: Annandale, VA
Posts: 6,692
Registry
Aren't we glad we drive shitty Series and Defenders.
__________________
Mine is NTO... It was new, Now I'm Taking it Off.
Quote:
Online speculation will not replace onsite inspection.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote
  #3  
Old July 21st, 2015, 05:59 PM
cgalpin's Avatar
cgalpin
Status: Offline
Charles Galpin
'94 D90 ST, '63 SeriesIIA
Site Team
 
Join Date: Jan 2004
Location: South Riding, VA
Posts: 11,625
Registry
They don't say in the article, but usually these kinds of attacks take physical access and are not as easy to do as they say. But yes, cars have little to no security built in and it's only a matter of time this sort of thing is going to start happening.
__________________
Quote:
Originally Posted by pendy
I'm here for the D's
Reply With Quote
Sponsored Links
Advertisement
 
  #4  
Old July 21st, 2015, 06:00 PM
leastonce's Avatar
leastonce
Status: Offline
Jason England
D-90 White 95 SW #65
Site Team
 
Join Date: Jul 2009
Location: NYC
Posts: 6,078
Registry
Basically they hacked a chip in the entertainment system to act as a proxy to inject codes onto canbus...

In all networks we need to move from trust but verify ( where no-one bothers to verify ) to a zero trust network.

This would mean every device on the car network would need to authenticate itself to communicate with each other.

The underlying principle is assume your network is already compromised and deal with that paradigm.

Unfortunately no one is willing to bare the costs associated with doing this properly and net result is nothing is safe.

Yeah Josh ... The NSA / Chinese military spooks idle their day away watching your dog on your dropcam ...making him chew furniture by playing subliminal messages via your stereo.
__________________
Quote:
Soapy water / KY jelly, etc. is is basically a must. Yes, good idea to remove trim panels - only takes 5 more minutes to do so.
Car Camping Collective founding member and Chief Executive Officer
Cat Camping Collective founding member and Chief Executive Officer
Reply With Quote
  #5  
Old July 21st, 2015, 07:34 PM
cgalpin's Avatar
cgalpin
Status: Offline
Charles Galpin
'94 D90 ST, '63 SeriesIIA
Site Team
 
Join Date: Jan 2004
Location: South Riding, VA
Posts: 11,625
Registry
You know you can turn it off when you don't want to share with the NSA right?
__________________
Quote:
Originally Posted by pendy
I'm here for the D's
Reply With Quote
  #6  
Old July 21st, 2015, 07:45 PM
rijosho's Avatar
rijosho
Status: Offline
Joshua
1995 Black ST - Rhinolined edition
Research Assistant/Eagle Eyes
 
Join Date: Apr 2009
Location: NYC
Posts: 16,557
Registry
Quote:
Originally Posted by JSBriggs View Post
And you guys laugh at me for not having a cell phone... -Jeff
You do know the NSA tracks the thank you button here and G-chat right?
__________________
Quote:
I am talking purely from an aesthetics standpoint.
Reply With Quote
  #7  
Old July 21st, 2015, 07:45 PM
sonoronos's Avatar
sonoronos
Status: Offline
Ed
None
Member
 
Join Date: May 2010
Location: Arlington, VA
Posts: 5,547
Registry
or car mfgs could stop connecting wireless components to the canbus. i.e. commercial airliners.
Reply With Quote
  #8  
Old July 21st, 2015, 07:53 PM
The Dro
Status: Offline
Dro
1988 Ninety
Member
 
Join Date: Jan 2010
Location: Annandale, VA
Posts: 6,692
Registry
Quote:
Originally Posted by rijosho View Post

You do know the NSA tracks the thank you button here and G-chat right?
Fuck.... I'm in deep shit
__________________
Mine is NTO... It was new, Now I'm Taking it Off.
Quote:
Online speculation will not replace onsite inspection.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote
  #9  
Old July 21st, 2015, 08:28 PM
Rocky's Avatar
Rocky
Status: Offline
Chris
72 + D1 drivetrain
Member
 
Join Date: Sep 2006
Location: Colonies Aka Boston
Posts: 8,794
Quote:
Originally Posted by The Dro View Post
Fuck.... I'm in deep shit
You used Ashley Madison didn't you?
__________________
A friend of mine runs a land rover / range rover specialty repair shop. Based on his experience, they are capable of stopping anywhere, anytime, at any cost.

I don't know about the brakes, only their unreliability.
Reply With Quote
  #10  
Old July 21st, 2015, 08:47 PM
hillstrubl's Avatar
hillstrubl
Status: Offline
Danny
2005 Disco 3
Member
 
Join Date: Mar 2010
Location: Philly, USA
Posts: 1,596
Quote:
Originally Posted by Rocky View Post
You used Ashley Madison didn't you?
No, somebody stole my identity!

-----

I saw the article, the access was wireless via the Cellular/Uconnect system to a compromised chip in the entertainment center as mentioned above. This was only a matter of time! I used to be in IT security and people always wonder why I like mechanically injected, manual transmission vehicles with as little electronics as possible... Headlights and wipers!
__________________
~2005 Disco 3 "Moneypenny"
~2008 GTI TSI
~If you can read this, thank a teacher. If you are reading this in English, thank a Veteran.
Reply With Quote
  #11  
Old July 21st, 2015, 09:07 PM
leastonce's Avatar
leastonce
Status: Offline
Jason England
D-90 White 95 SW #65
Site Team
 
Join Date: Jul 2009
Location: NYC
Posts: 6,078
Registry
Quote:
Originally Posted by sonoronos View Post
or car mfgs could stop connecting wireless components to the canbus. i.e. commercial airliners.
Genie is out of the bottle ...

I'm just waiting for the claims of 'my car must have been hacked' as a defense for an accident!
__________________
Quote:
Soapy water / KY jelly, etc. is is basically a must. Yes, good idea to remove trim panels - only takes 5 more minutes to do so.
Car Camping Collective founding member and Chief Executive Officer
Cat Camping Collective founding member and Chief Executive Officer
Reply With Quote
  #12  
Old July 21st, 2015, 09:14 PM
hillstrubl's Avatar
hillstrubl
Status: Offline
Danny
2005 Disco 3
Member
 
Join Date: Mar 2010
Location: Philly, USA
Posts: 1,596
Quote:
Originally Posted by leastonce View Post
Genie is out of the bottle ...

I'm just waiting for the claims of 'my car must have been hacked' as a defense for an accident!
#Nailedit
__________________
~2005 Disco 3 "Moneypenny"
~2008 GTI TSI
~If you can read this, thank a teacher. If you are reading this in English, thank a Veteran.
Reply With Quote
  #13  
Old July 22nd, 2015, 04:22 AM
LuisC's Avatar
LuisC
Status: Offline
Luis Constantin
98 Disvovery 1 LE
Member
 
Join Date: Dec 2012
Location: Austin,Texas USA
Posts: 1,900
Registry
Quote:
Originally Posted by hillstrubl View Post
----- I saw the article, the access was wireless via the Cellular/Uconnect system to a compromised chip in the entertainment center as mentioned above. This was only a matter of time! I used to be in IT security and people always wonder why I like mechanically injected, manual transmission vehicles with as little electronics as possible... Headlights and wipers!
Just because some of us have older vehicles with no electronics doesn't put us out of reach of hackers.
You can be driving down the highway and all of a sudden a bunch of cars or 18-wheelers around you start swerving aimlessly under a hackers control.
And you're in the middle of it all.
__________________
Black Rhino Lives Matter
Reply With Quote
  #14  
Old July 22nd, 2015, 07:33 AM
rijosho's Avatar
rijosho
Status: Offline
Joshua
1995 Black ST - Rhinolined edition
Research Assistant/Eagle Eyes
 
Join Date: Apr 2009
Location: NYC
Posts: 16,557
Registry
Quote:
Originally Posted by LuisC View Post
Just because some of us have older vehicles with no electronics doesn't put us out of reach of hackers. You can be driving down the highway and all of a sudden a bunch of cars or 18-wheelers around you start swerving aimlessly under a hackers control. And you're in the middle of it all.
I figured that was the entire point of owning vehicles that do not NEED roads.
__________________
Quote:
I am talking purely from an aesthetics standpoint.
Reply With Quote
  #15  
Old July 22nd, 2015, 09:04 AM
LRNAD90's Avatar
LRNAD90
Status: Offline
Scott T
1995 Defender 90 ST
Member
 
Join Date: Dec 2003
Location: Maryland
Posts: 1,265
Registry
And Five years ago..

http://www.defendersource.com/forum/...ked-27333.html
__________________
~Scott T.
'95 D-90 ST - AA Yellow
"If you're not living on the edge, you're taking up too much space!"


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote
  #16  
Old July 22nd, 2015, 09:11 AM
cellulararrest's Avatar
cellulararrest
Status: Offline
Chris Snyder
1994 D90 #614 | '07 L322 SC
Member
 
Join Date: Feb 2006
Location: Newburyport, MA
Posts: 1,544
Quote:
Originally Posted by cgalpin View Post
They don't say in the article, but usually these kinds of attacks take physical access and are not as easy to do as they say. But yes, cars have little to no security built in and it's only a matter of time this sort of thing is going to start happening.
The scary part about this one is that it doesn't. They're just rooting the thing via the cellular internet connection in the car. Just like rooting any other machine.
Reply With Quote
  #17  
Old July 22nd, 2015, 10:07 AM
LRNAD90's Avatar
LRNAD90
Status: Offline
Scott T
1995 Defender 90 ST
Member
 
Join Date: Dec 2003
Location: Maryland
Posts: 1,265
Registry
Quote:
Originally Posted by cellulararrest View Post
The scary part about this one is that it doesn't. They're just rooting the thing via the cellular internet connection in the car. Just like rooting any other machine.
Anyone see the movie "The Terminator?" We are doing it to ourselves..

Quote:
Originally Posted by JSBriggs View Post
And you guys laugh at me for not having a cell phone...
-Jeff
And I thought I was the only one..
__________________
~Scott T.
'95 D-90 ST - AA Yellow
"If you're not living on the edge, you're taking up too much space!"


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote
  #18  
Old July 22nd, 2015, 12:29 PM
flippedrover's Avatar
flippedrover
Status: Offline
Tyler
'94 D-90
Member
 
Join Date: Dec 2003
Location: Ashburn,va
Posts: 3,125
Quote:
Originally Posted by LuisC View Post
Just because some of us have older vehicles with no electronics doesn't put us out of reach of hackers. You can be driving down the highway and all of a sudden a bunch of cars or 18-wheelers around you start swerving aimlessly under a hackers control. And you're in the middle of it all.
so a typical daily drive on DC area roads. Oh wait they aren't hacked.
__________________
Can't you feel 'em circlin' (closin'in) honey?
Can't you feel 'em swimmin' around?
You got fins to the left, fins to the right,
and you're the only bait in town.
You got fins to the left, fins to the right,
and you're the only girl in town.

Jimmy Buffett


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote
  #19  
Old July 22nd, 2015, 01:18 PM
sonoronos's Avatar
sonoronos
Status: Offline
Ed
None
Member
 
Join Date: May 2010
Location: Arlington, VA
Posts: 5,547
Registry
Quote:
Originally Posted by cellulararrest View Post
The scary part about this one is that it doesn't. They're just rooting the thing via the cellular internet connection in the car. Just like rooting any other machine.
The silly thing to me is that it's not a surprise. It's like connecting the internet to a black network and wondering why the classified network got hacked. Sneakernets exist for a reason.

What I really think is a terrible idea is strong-arming the auto industry into encrypting canbus traffic. If that's where this is heading, this is just going to make costs increase for vehicles.

The simple solution is to just not create a connection between external networks and the vehicle bus. Security 101. Jeep's radio supplier violated this and screwed up.

Same thing goes for the A380. Airbus uses unencrypted CANBUS traffic on one of the most expensive vehicles ever made. If you think a remotely piloted jeep is scary, think about an aircraft carrying 82,000 gallons of aviation fuel and 850 humans. The designers of the aircraft use common sense and prevent these sorts of attacks by a zero-cost principle: isolation.
Reply With Quote
  #20  
Old July 22nd, 2015, 01:37 PM
Rocky's Avatar
Rocky
Status: Offline
Chris
72 + D1 drivetrain
Member
 
Join Date: Sep 2006
Location: Colonies Aka Boston
Posts: 8,794
All those wifi enabled cars out there.....zombie apocalypse by auto...
__________________
A friend of mine runs a land rover / range rover specialty repair shop. Based on his experience, they are capable of stopping anywhere, anytime, at any cost.

I don't know about the brakes, only their unreliability.
Reply With Quote
Reply

Lower Navigation
Go Back   Defender Source > Non-Technical Discussions > Misc. Chit-Chat

Tags
ac

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Feeler WTS 1998 Jeep Cherokee Sport Shep29 For Sale - Vehicles 4 March 2nd, 2013 01:12 PM
So as not to hijack Ron's 911 thread..... GYM Misc. Chit-Chat 0 April 25th, 2008 12:02 PM
2008 Jeep Cherokee Diesel Defender13 Misc. Chit-Chat 32 February 13th, 2008 07:41 PM
1988 Jeep Cherokee XJ 4.0 4x4 Auto - $600 NJ mudrover For Sale - Vehicles 0 June 13th, 2005 08:03 PM
Virtually new BFG A/T 265/75 non-KO jvelador For Sale - Parts 1 December 19th, 2003 12:37 PM


All times are GMT -5. The time now is 05:24 AM.


Copyright