July 26, 2015
Imagine you’re driving to work when all of a sudden your car’s radio starts blasting, your windshield wipers turned-on and your brakes are disabled? That happened last week, albeit in a somewhat controlled environment, when a pair of good-guy hackers demonstrated to the world that they could remotely control a vehicle. Industry insiders have coined the technology “Boston brakes/Hastings” and suggest spooks have had access to the technology for some time.
“We were able to do everything we did last time we did this (test), steering, breaking, lock and unlock the doors turn on the high beams basically anything that was controllable by the in car network,” Chris Valasek told CNNMoney.
Chrysler owners will be happy to learn that the hackers kept the car giant in the loop while they researched and tested their cyber capabilities. Luckily Chrysler had a fix ready to go and owners of the recalled vehicles should go to their local dealer to get a memory stick that contains an update fix. The company released a statement saying: “The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code.”
In an increasingly technological world, the two good-guy hackers also highlighted the vulnerabilities within vehicles by controlling the car from a computer 10 miles away. However, Valasek, a former National Security Agency (NSA) hacker and Twitter engineer, said he could locate a number of cars via GPS in states across the country. That notion is particularly alarming. Valasek’s partner in the project, Charlie Miller received funding from the DoD Defense Advanced Research Projects Agency more commonly known as DARPA. The $80,000 federal grant was used to purchase a Toyota Prius and a Ford Escape and took the cyber security experts less than a year to successfully remote control a car through hacking its software.
So why would good-guy hackers undergo this research project for little to no pay? “What I really want is for them to design secure cars and include detection mechanisms. They can’t do that in three days. This is the most we could hope for,” Miller explained to Wired.
The pair also presented their research at the “Black Hat” convention, where another notable hacker, Barnaby Jack, made a spectacular demonstration at a prior Black Hat event by making an ATM spit out cash. Jack himself died under suspicious circumstances just days before he was scheduled to reveal a hack into a pacemaker two years ago.
The hacking technology concern is very real. Most American’s rely on their smart phones and automobiles to travel everyday and with an uptick in terrorism around the world it’s not a stretch to believe the terrorists are paying attention to this type of information.
Shortly after the Jeep hack was announced Senators Edward Markey (D-MA) and Richard Blumenthal (D-CT) introduced the “Security and Privacy in Your Car Act of 2015.” The SPY Car Act establishes cyber security and numerous requirements for new automobiles. The car manufacturers would also be required to inform consumers about the risks of remote car hacking. A report from Senator Markey, “detailed major gaps in how auto companies are securing connected features in cars against hackers.”
Perhaps even more disconcerting is the possibility that hackers could takeover a passenger airplane. There have been a couple reports of hackers breaching an airplane’s WiFi system on the plane, although all admitted they were never able to control a plane from 30,000 feet, let alone a remote computer.
Chris Roberts, a cyber security expert told CNNMoney that “maybe 20 times he had plugged his laptop into the box underneath his plane seat and viewed sensitive data from the avionics control systems. He was unclear whether he could actually control anything from that position.” The FBI also promptly escorted him off the plane. But could he remotely access the plane? He went on to explain: “A hacker would need to board a plane, leave a device on board that’s hooked up to the physical plane and inflight Wi-Fi. Then, the hacker would have to send it messages later. With those two things you could theoretically perform remote attacks.”
But, it’s worth pointing out that eleven passenger planes went missing in Libya after the close of the US embassy and the country descended into civil war. Intelligence agencies have confirmed they are fearful the planes could be used to inflict significant terrorist attacks against Western allies.
© Copyright 2015 Kimberly Dvorak All Rights Reserved.