Two cybersecurity experts hacked a journalist’s car while he was driving his car to prove how internet-connected vehicles are vulnerable.
Charlie Miller, former NSA hacker now at Twitter and IOActive researcher Chris Valasek gained control of Wired.Com journalist Andy Greenberg’s Cherokee Jeep which was speeding at more than 100 km per hour.
“Jeep Cherokee started blasting cold air at the maximum setting… Next the radio switched to the local hip hop station…Then the windshield wipers turned on, and wiper fluid blurred the glass,” wrote Greenberg.
Using a feature in the Fiat Chrysler telematics system Uconnect, Miller and Valasek took the control of the vehicle.
“There are hundreds of thousands of cars that are vulnerable on the road right now,” Miller has told Reuters.
Fiat Chrysler has issued a patch which will be available at the company’s site and dealerships.
“Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorized and unlawful access to vehicle systems,” the company said.
The pair said that they have been working with Fiat since October for the fix and would present a paper in August at the Def Con security conference which will include their remote access code.
The proven vulnerability of vehicles prompted US Congress members. Two democrat senators, Ed Markey and Richard Blumenthal, introduced a bill for establishing standards ensuring the software safety of cars.