{"id":9395,"date":"2015-07-23T14:43:55","date_gmt":"2015-07-23T18:43:55","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=9395"},"modified":"2018-09-10T12:36:27","modified_gmt":"2018-09-10T16:36:27","slug":"remote-car-hack","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/remote-car-hack\/9395\/","title":{"rendered":"Shock at the wheel: your Jeep can be hacked while driving down the road"},"content":{"rendered":"<p>Oops, they\u2019ve done it again: after two successful breaches into the systems of Toyota Prius and Ford Escape, security researchers Charlie Miller and Chris Valasek have recently hacked a Jeep Cherokee.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Hackers remotely kill a Jeep on the highway \u2014 with me in it <a href=\"http:\/\/t.co\/4eQiTtelA4\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/4eQiTtelA4<\/a> <a href=\"http:\/\/t.co\/9bxDTOY5Y0\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/9bxDTOY5Y0<\/a><\/p>\n<p>\u2014 WIRED (@WIRED) <a href=\"https:\/\/twitter.com\/WIRED\/status\/623458457870540800?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 21, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>This hack is even more stunning as the duo found a way to took over a car remotely. Their volunteer victim was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.<\/p>\n<p><i>\u201cAs the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That\u2019s when they cut the transmission.\u201d<\/i><\/p>\n<p>Straight from the source <a href=\"http:\/\/www.wired.com\/2015\/07\/hackers-remotely-kill-jeep-highway\/\" target=\"_blank\" rel=\"noopener nofollow\">Wired\u2019s report<\/a> reveals what was the driver\u2019s reaction to compulsive behavior of his super-smart connected car. Journalist <a href=\"https:\/\/twitter.com\/a_greenberg\" target=\"_blank\" rel=\"noopener nofollow\">Andy Greenberg<\/a>, who was behind the wheel, stated that researchers took control over the car\u2019s brakes and accelerator, as well as other less-essential components like radio, horn and windshield wipers. To do that Chris and Charlie had to hack the entertainment system Uconnect through a cellular network.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Is It Possible to Hack My Car? Find out over at <a href=\"https:\/\/twitter.com\/kaspersky?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@Kaspersky<\/a> Daily. <a href=\"http:\/\/t.co\/UOAMP2hb3K\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/UOAMP2hb3K<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/358292731195437057?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 19, 2013<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Fortunately, the situation is not completely unattended. Both the operating system and the car manufacturers are now implementing important and necessary cyber security measures \u2013 you bet they would!<\/p>\n<p>As <a href=\"https:\/\/twitter.com\/nudehaberdasher\" target=\"_blank\" rel=\"noopener nofollow\">Chris Valasek<\/a> said, <i>\u201cWhen I saw we could do it anywhere, over the Internet, I freaked out, I was frightened. It was like, holy fuck, that\u2019s a vehicle on a highway in the middle of the country. Car hacking got real, right then.\u201d<\/i><\/p>\n<p>Unfortunately, all these important measures are <b>insufficient<\/b>. Software giants like Microsoft and Apple spent years developing efficient ways to patch security holes in their products. The car industry simply does not have this time. Besides, <a href=\"https:\/\/www.kaspersky.com\/blog\/progressive-snapshot-car-hacking\/\" target=\"_blank\" rel=\"noopener nofollow\">this is not the first time when cars get hacked<\/a>, but there are still plenty of security problems that nobody seems to be eager to solve.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Chris Valasek &amp; Dr. Charlie Miller, have discovered how easy it can be for a cybercriminal to hack a car: <a href=\"http:\/\/t.co\/37d5duTKXT\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/37d5duTKXT<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/369835077133668352?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 20, 2013<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>There could be other vehicles with the same flaw. Miller and Valasek did not check any cars made by Ford, General Motors or other carmakers. Worse, <a href=\"https:\/\/twitter.com\/0xcharlie\" target=\"_blank\" rel=\"noopener nofollow\">Miller<\/a> says that \u201c<i>a skilled hacker could take over a group of Uconnect head units and use them to perform more scans \u2014 as with any collection of hijacked computers \u2014 worming from one dashboard to the next over Sprint\u2019s network. The result would be a wirelessly controlled automotive botnet encompassing hundreds of thousands of vehicles<\/i>\u201c. A good basis for a terroristic sabotage or a state-initiated cyber attack.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">JUST IN: Jeep Cherokees, Chrysler 200s, Dodge Rams, other cars can be hacked over the Internet <a href=\"http:\/\/t.co\/duTdxfbXiV\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/duTdxfbXiV<\/a> <a href=\"http:\/\/t.co\/CRhqDvfi5Y\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/CRhqDvfi5Y<\/a><\/p>\n<p>\u2014 CNN Business (@CNNBusiness) <a href=\"https:\/\/twitter.com\/CNNBusiness\/status\/623643252625932288?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 21, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>\u201cAt Kaspersky Lab, we believe that to avoid such incidents, manufacturers should build the smart architecture for cars with two basic principles in mind: isolation and controlled communications,\u201d said <a href=\"https:\/\/twitter.com\/61ack1ynx\" target=\"_blank\" rel=\"noopener nofollow\">Sergey Lozhkin<\/a>, Senior Security Researcher at GReAT, Kaspersky Lab.<\/p>\n<p>\u201cIsolation means that two separate systems cannot influence one another. For example, the entertainment system shouldn\u2019t influence the control system in the way that it did with the Jeep Cherokee. Controlled communications mean that cryptography and the authentication for transmitting and accepting information from\/to the car should be fully implemented. According to the result of the experiment with Jeep we witnessed, the authentication algorithms were weak\/vulnerable, or the cryptography was not correctly implemented.\u201d<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Shock at wheel: your #Jeep can be hacked right on the road with you sitting inside #security #cars #hackers<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2F8ZML&amp;text=Shock+at+wheel%3A+your+%23Jeep+can+be+hacked+right+on+the+road+with+you+sitting+inside+%23security+%23cars+%23hackers\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>Until security problems are solved on the industry level we all can think about switching to bikes and horses\u2026 or old cars. At least, they can\u2019t be hacked. Security researchers are going to present their findings during the Black Hat conference in August 2015 and we will willingly listen to their report.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Taking over a Jeep Cherokee driving at speed 70 mph at a remote highway is quite real.<\/p>\n","protected":false},"author":522,"featured_media":9396,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[542,651,1027,1171,78,732,97,422,268],"class_list":{"0":"post-9395","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-car-hacking","9":"tag-cars","10":"tag-connected-devices","11":"tag-exploits","12":"tag-hackers","13":"tag-research","14":"tag-security-2","15":"tag-threats","16":"tag-vulnerabilities"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/remote-car-hack\/9395\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/remote-car-hack\/5681\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/remote-car-hack\/5821\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/remote-car-hack\/6480\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/remote-car-hack\/6364\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/remote-car-hack\/8430\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/remote-car-hack\/4718\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/remote-car-hack\/5545\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/remote-car-hack\/5870\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/remote-car-hack\/8332\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/remote-car-hack\/8430\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/remote-car-hack\/9395\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/remote-car-hack\/9395\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/car-hacking\/","name":"car hacking"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/9395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=9395"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/9395\/revisions"}],"predecessor-version":[{"id":19318,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/9395\/revisions\/19318"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/9396"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=9395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=9395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=9395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}