A reporter for Wired somehow got himself mixed up in a terrifying technological experiment, agreeing to drive a Jeep while two hackers overtook the vehicle’s onboard entertainment system and gained access to the SUV’s electronic brains, taking control out of the driver’s hands.
Andy Greenberg knew full well that Charlie Miller and Chris Valasek were going to infiltrate the vehicle’s operating systems. He didn’t know when, exactly, they’d take over or what they intended to do, only that they promised him he wouldn’t be in any real danger.
At first, the remotely controlled Jeep drove normally enough, with Miller and Valasek playing around with the radio dial and volume, turning on the windshield wipers and cranking the air conditioning. In a particularly ego-driven, jokey move, they even made an image of the two of them appear on the Jeep’s digital display, Greenberg writes on Wired.
He was proud of himself for keeping his composure… until Miller and Valasek cut the vehicle’s transmission.
Greenberg recounts the harrowing situation:
Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.
At that point, the interstate began to slope upward, so the Jeep lost more momentum and barely crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver saw me, too, and could tell I was paralyzed on the highway.
“You’re doomed!” Valasek shouted, but I couldn’t make out his heckling over the blast of the radio, now pumping Kanye West. The semi loomed in the mirror, bearing down on my immobilized Jeep.
I followed Miller’s advice: I didn’t panic. I did, however, drop any semblance of bravery, grab my iPhone with a clammy fist, and beg the hackers to make it stop.
He was later able to regain control of the vehicle by turning off the engine and turning it back on, then driving to a deserted parking lot to continue the experiment.
Greenberg had worked with Miller and Valasek in the past as they hacked into various vehicles’ computerized brains, with Miller once noting that “When you lose faith that a car will do what you tell it to do, it really changes your whole view of how the thing works.” But that was back when laptops had to be wired into a vehicle’s diagnostic port, the same thing a mechanic uses to find problems with a car at a shop.
It’s worth noting that both men have respectable day jobs: Miller is a security researcher for Twitter and previously worked as a hacker for the National Security Agency; Valasek is director of vehicle security research at IOActive, a consulting firm.
As more vehicles come with features that bring them into the realm of “smart” devices, hackers will find ways to override safety systems, disable GPS sensors to hide their tracks if a vehicle is stolen or use that same system to find particularly attractive vehicles to steal.
Some members of the US Congress are trying to protect consumers from such threats. Sens. Edward Markey (D-Mass.) and Richard Blumenthal (D-Conn.) introduced legislation Tuesday morning that would require the National Highway Traffic Safety Administration and the Federal Trade Commission to create standards to secure vehicles while protecting drivers’ privacy.
Named the Security and Privacy in Your Car (SPY Car) Act, the legislation, if enacted, would create a rating system to inform consumers how well a given vehicle can protect a driver’s privacy beyond those standards.
They don’t want to eliminate “smart” vehicles, but to ensure that consumers who purchase them are safe.
“Drivers shouldn’t have to choose between being connected and being protected,” Markey said in a statement he and Blumethal released Tuesday. “We need clear rules of the road that protect cars from hackers and American families from data trackers.”
“Automakers have left cars unlocked to hackers and data-trackers,” Blumenthal adds. “This common-sense legislation protects the public against cybercriminals who exploit exciting advances in technology like self-driving and wireless connected cars… Security and safety need not be sacrificed for the convenience and promise of wireless progress.”
For what it’s worth, Wired’s Greenberg says the Miller and Valasek hacked the Jeep in preparation for a talk they’re giving at a Black Hat security conference in Las Vegas next month.