Wireless Carjacking: Is your vehicle vulnerable to hackers?

24th July 2015

Researchers in the US recently showed Wired magazine that they could remotely take control of a car from a sofa 10 miles away and crash it into a ditch.

As part of a staged demonstration, former NSA employee - Charlie Miller, and IOActive researcher - Chris Valasek, were able to take control of the dashboard controls, steering, brakes and transmission of a Jeep Cherokee.

They did so by sending data to its entertainment and navigation system via a mobile phone network, using only a laptop, mobile phone and wireless internet connection.

Wired reporter, Andy Greenberg, was the driver of the vehicle throughout the demonstration and describes how he was travelling at 70mph on the interstate when the hackers signalled the start of their attack, blasting cold air from the air vents at the maximum setting.

The radio was then switched to a different station and the volume was cranked up to the maximum level. Greenberg described how he desperately tried to regain control of the on-board entertainment system, but the controls had been rendered useless by the hack.

He goes on to describe how windscreen wiper fluid started splashing against the windshield, obscuring his view, as a live video feed of the hackers appeared on the digital display screen of the entertainment system. The hackers were then able to cut the transmission of the car and reduce the speed to a gradual crawl. Miller and Valasek were also able to kill the engine, abruptly engage the brakes abruptly and disable them altogether throughout the demonstration.

Greenberg describes how the most disturbing manoeuvre was when the hijackers cut the Jeep’s brakes, leaving him frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch.

Over 470,000 cars at risk

This hack was the first of its kind, but it is estimated that it could be replicated in more than 470,000 cars made by Fiat Chrysler, which includes vehicles being driven in the UK.

However, the cyber-security experts have stressed that it would be easy to make modest adjustments to their code and attack other types of vehicles.

The hack was made possible by Fiat Chrysler’s ‘Uconnect’ facility, which controls the entertainment system, deals with navigation and allows mobile phone connectivity. The Uconnect system also allows owners to remotely start the vehicle, unlock doors and flash the headlights using a mobile app.

To take control of a vehicle via this facility however, a hacker would first need to obtain the Internet Protocol (IP) address of the vehicle, which is regenerated each time the car is started. This makes it difficult to target a specific vehicle, however random attacks are highly plausible.

“Anything that connects to the outside world is an attack vector, from my point of view”, Valasek said. He warns that manufacturers, who are racing to add new Internet-connected features, should work much harder on creating safe capability for automatic over-the-air software updates, segregation of on-board entertainment and engineering networks, and intrusion-detection software for stopping improper commands.

Chrysler has since issued a fix for the most serious vulnerability involved, but it has to be installed manually, either by a dealership mechanic or manually via USB. It can be downloaded here.

Attackers could also use DAB radios to seize control of vehicles

In addition to mobile internet services, Manchester-based information assurance company, NCC Group, has identified that Digital Audio Broadcasting (DAB) provides another platform for potential hackers to seize control of a vehicle's brakes and other critical systems.

Although NCC’s research has been restricted to laboratories, the company’s finding point to a much wider problem.

Research director at NCC – Andy Davis, explains that because infotainment systems process DAB data to display text and pictures on car dashboard screens, an attacker could send code that would let them take over the system.

“Once an infotainment system had been compromised,” he said, “an attacker could use it as a way to control more critical systems, including steering and braking.”

“Depending on the power of the transmitter, a DAB broadcast could allow attackers to affect many cars at once.”

“As this is a broadcast medium, if you had vulnerability within a certain infotainment system in a certain manufacturer's vehicle, by sending one stream of data, you could attack many cars simultaneously,” said Davis. Mr Davis explained that he had previously compromised a real vehicle's automatic-braking system - designed to prevent it crashing into the car in front - by modifying an infotainment system, and he believed this could be replicated via a DAB broadcast.

However, he declined to publicly identify which specific infotainment systems he had hacked.

In a demonstration to BBC Radio 4’s PM programme, Davis was able to create a DAB station using low cost, off-the-shelf components connected to a laptop.

“[A hacker] would probably choose a common radio station to broadcast over the top of, to make sure they reached the maximum number of target vehicles.”

The UK's Society of Motor Manufacturers and Traders has responded by saying that car companies "invest billions of pounds to keep vehicles secure as possible".

What are your thoughts on remote carjacking? Will it become a problem for motorists? Will it spell the end of self-drive features or wireless infotainment systems? – Leave your opinion in the comments section below.

Looking to save time and money on your car insurance?
Call the experts today:

Call from a mobile
0333 003 3270

Or FREE from a landline
0800 298 2190

Call Wiser is a trading name of Be Wiser Insurance Services Ltd. Registered in England No. 6097813. Be Wiser Insurance Services Ltd are Authorised and Regulated by the Financial Conduct Authority 465471

Call Wiser, Riverside House, 35-37 Bridge St, Andover, Hampshire, SP10 1BE, 0333 003 3270, general@callwiser.co.uk