Last month, Wired published an article with a headline that sounds like absurdist science fiction: “Hackers Remotely Kill a Jeep on the Highway—With Me in It.” Two security specialists had figured out how to hack into a Jeep Cherokee’s onboard computers. As an experiment, writer Andy Greenberg took one out on the road, at which point the hackers commandeered the car’s air conditioner, radio, windshield wipers, and—most distressingly—its accelerator and brakes. If they’d wanted to wreck the car or kill the driver, they easily could have.
The hackers had informed Fiat Chrysler, Jeep’s parent company, of their discoveries months earlier. After the road test, the company announced it was recalling 1.4 million vehicles to patch the software problems.
A happy ending to a hair-raising story? No, it turns out, not at all. In early August, the two hackers released a 90-page technical paper at the Black Hat conference in Las Vegas, explaining exactly how they’d found and exploited the Jeep Cherokee’s vulnerabilities—and outlined a number of disturbing implications. I also talked with one of the paper’s authors, Charlie Miller, who drew a few more scary observations.
Here are some of the high (or low) points:
First, the Jeep Cherokee is hardly the only hackable car out there. Miller and his colleague, Chris Valasek, chose it because it seemed to be a particularly easy target and because its price tag fell within their project’s budget. “I doubt other cars have their exact vulnerabilities,” Miller told me, “but there’s no reason to think that they don’t have some sorts of vulnerabilities.” Then he delivered the punchline: “Probably they all do”—that is, probably all modern cars are vulnerable to cyberintrusion.
Second, cars offer many points of entry to a skilled hacker. Most modern cars are filled to the gills with computer-controlled features. The most commonplace are GPS receivers and Google Maps screens, which by necessity are hooked up to the networks. But there are other network-connected functions, too. Many cars can parallel park automatically; to do this, a data link connects the computerized steering mechanism to sensors that measure the car’s distance to the curb and to other nearby cars. Similar data links are needed for functions that reduce a car’s speed if it starts to tailgate, or that inflate a car’s tires if their pressure gets too low. Some cars offer online diagnostic services, so a mechanic can examine and adjust the car’s brakes or transmission—or basically anything about its internal workings—from many miles away.
If hackers disrupted any of these links, they could wreak havoc: send false data to the Google Maps screen, make the car steer wildly (and not just during parallel parking), speed the car up or slow it down (and not just when it’s tailgating), or blow out its tires.
Here’s a thought for your next road trip: In the Jeep Cherokee (and probably many other cars, too), when the online diagnostic service is activated, the brake pedal is automatically deactivated, so that the mechanic can test the brakes. If a hacker turns on the diagnostic function while you’re merrily speeding down the highway, the effect would be as if he slashed your brakes.
Finally, in the Jeep Cherokee, at least until recently, the purely internal computer—the one that monitors the car’s vital functions and makes slight adjustments, if necessary—was wired into the computers hooked up to the cellular network or the Internet. In other words, anyone who hacked into the network would have access to everything. (This is the vulnerability that Chrysler is now patching in the 1.4 million vehicles it recalled. Miller says he doesn’t know whether other car manufacturers link computers in this way.)
So here lies another way for terrorists, gangsters, rogue nations, or spies to make deadly mischief or wage cyberwar. When Miller and Valasek first discovered the vulnerability in the Jeep Cherokee’s central computer, they scanned Sprint’s cellular network, looking for cars with the same signature. Over the course of a few days, they found 2,400 cars (not just Jeep Cherokees) and were able to track their locations through GPS. If they’d wanted, they could have hacked into any of those cars and taken over the steering, brakes, accelerator, or whatever.
So imagine, one fine Labor Day weekend, hundreds of cars across the nation (or maybe concentrated in one area) suddenly go haywire in roughly the same way as the Wired reporter’s car did, but in deadlier fashion. (Instead of slowing down the car, as Miller and Valasek did, they could speed it up.) Thousands or millions of Americans might suddenly fear traveling in their cars.
Or imagine that the car carrying a certain individual—a head of state, ambassador, nuclear scientist, or the No. 3 al-Qaida leader—smashes into oncoming traffic, crashes into a tree, or careens off a bridge. It would be targeted assassination—like a drone strike, but without the drone or the smart bomb it carries. The target is dead, and all appearances would suggest that the driver simply lost control of his vehicle.
Welcome to the world of the Internet of Things, in which every household appliance—and, it seems, cars—can be a carrier of malicious software. This shouldn’t be surprising. As far back as 1996, three analysts with the Terrorism Research Center co-wrote a paper titled “Information Terrorism: Can You Trust Your Toaster?” They were being facetious, sort of, but they’ve proved prescient. (One of the authors, Matthew Devost, is now president of FusionX, one of the leading cybersecurity companies.)
Or go back further. In the mid-1960s, when the ARPANET (the predecessor to the Internet) was about to roll out, a few computer scientists warned that placing information on a network—with online access from many users in unsecured locations—would create inherent vulnerabilities. Countless commissions, panels, and studies issued similar warnings in the ensuing decades—vindicated by countless simulations, war games, and actual hackings (which have been going on for a lot longer than most people think). Yet this didn’t stop networks from proliferating in all realms of life, not least in “critical infrastructures”—gas, electric, rail lines, waterworks, and so forth—which are almost all operated by computerized supervisory control and data acquisition, or SCADA, systems.
These SCADA systems, network-connected cars, the Internet of Things, and the Internet itself all came into being for the same reasons: efficiency and convenience. Scientists wanted to share research without operating more than one computer console. Utility companies want to centralize the distribution and flow of resources. Busy families want their thermostats adjusted when the house gets too hot or cold and want their refrigerators restocked when they’re low on food, without going to the trouble themselves. And drivers want to parallel park without learning how.
Corporations are happy to comply; the technology makes it possible and, with economies of scale, fairly cheap. No one built in provisions for security, because no one thought doing so was necessary—not in the early phases of each new thing; and once the early phase passed, once the new thing was commonplace, drastic changes were all but impossible.
The Wired experiment wasn’t even the first time someone pointed out the vulnerabilities of the computers inside cars. In 2011, a team of scientists at the University of Washington and University of California–San Diego wrote a paper warning of this problem, though, with the discretion of academics, they didn’t identify the sedan that they’d hacked. That paper inspired Miller and Valasek, in 2012, to hack into a Toyota Prius and a Ford Escape (purchased with a research grant from the Defense Advanced Research Projects Agency). But in that test, they plugged their laptops into the car’s computer while they drove it around a parking lot. The novelty of the Wired test was that they did the hacking entirely online—through radio, cellular, and Wi-Fi signals—and on a real road. That was what woke up at least some of the industry.
So are we doomed to the hackable car? Not necessarily. For one thing, Miller told me, “Hacking a car is a lot harder than hacking a computer.” It took him and Valasek a year to find the Jeep Cherokee’s vulnerabilities and devise ways to exploit them. And, it should be noted, Miller is not your everyday recreational hacker. He’s in charge of computer security at Twitter; and before then, from 2000–2005, he worked in Tailored Access Operations—the elite corps of hackers inside the National Security Agency. When the president wants to hack into a terrorist’s email, contaminate a foreign network, or (in the case of the Stuxnet operation) sabotage an Iranian nuclear facility, TAO gets it done.
I asked Miller whether he could have hacked into the Jeep Cherokee more quickly if he’d still been able to draw on the resources of TAO. He said that he supposed he could. I also asked him whether, to his knowledge, TAO had ever gone after a target by exploiting software vulnerabilities in a car. He said that it hadn’t. But the point is, it—or some foreign equivalent—could, and it would be surprising if some spy agency, somewhere, isn’t at least looking into the possibilities. No doubt copycat hackers are doing the same, if just to show that they can.
Car companies could take some mitigating measures. For instance, they could install firewalls between strictly internal computers and those hooked up to networks. There’s no reason for a steering wheel to be hooked up to a network; if you don’t know how to parallel park, learn. Online diagnostic services could be encrypted, with the codes changed periodically. (Miller and Valasek simply bought Chrysler’s diagnostic manuals for a few thousand dollars.) It should also be possible to program these services so that they can’t be activated unless the car is standing still.
But the game of hack-counterhack, which has infected every online enterprise (which is to say, almost every enterprise in everyday life), has entered the arena of the automobile, and there’s probably no way to go back completely. One request before the next technical revolution: Please, drop all plans to build the self-driving car.