
This Time, Miller and Valasek Hack the Jeep at Speed - adamnemecek
http://www.darkreading.com/vulnerabilities---threats/this-time-miller-and-valasek-hack-the-jeep-at-speed/d/d-id/1326468
======
jxcl
As long as there's no possibility of a remote exploit, this actually seems
pretty cool. You're telling me I can plug a computer into my Jeep and automate
things?

Maybe I want to have the car roll the windows down for a while if the interior
temperature gets too high. Maybe I can get my own version of climate control
by controlling the AC via the CAN bus. Or maybe I can use my dashcam and some
CV software to automatically switch my high beams on and off for oncoming
traffic. It's actually pretty exciting.

~~~
gremlinsinc
Isn't the hack supposed to expose the fact that there is a weakness and
openness to attack? If they can hack a remote car, any hacker could
potentially do the same, and then killing someone via remote hack would be a
lot easier... We might start to see serial killers hiding behind the internet.

~~~
toomuchtodo
Indeed. Sending CAN frames directly is essentially a remote privilege
escalation (think sudo user with no password). One of the shining examples of
this done properly is Tesla; they have a gateway that you can issue commands
to over the internal network, but it alone issues the CAN commands. You cannot
issue CAN commands directly.

[https://youtu.be/KX_0c9R4Fng?t=38m40s](https://youtu.be/KX_0c9R4Fng?t=38m40s)
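
The gateway pattern described in the comment above, sketched as an added example that is not part of the original thread and not any manufacturer's code: clients submit named commands, and only the gateway builds and sends CAN frames. The command names, arbitration IDs, payload layouts and rate limit are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed arbitration IDs and payload layouts; not from any real vehicle.
WINDOW_ID, HVAC_ID = 0x3A0, 0x3B1

@dataclass(frozen=True)
class Frame:
    can_id: int
    data: bytes

class Rejected(Exception):
    """Raised when the gateway refuses a request."""

def one_int(args, name, lo, hi):
    # Exactly one expected key, a real int (not bool), inside the allowed range.
    ok = isinstance(args, dict) and set(args) == {name} and type(args[name]) is int
    if not ok or not lo <= args[name] <= hi:
        raise Rejected(f"{name} must be the only argument, an integer {lo}-{hi}")
    return args[name]

# Allowlist: command name -> builder turning validated arguments into one frame.
COMMANDS = {
    "set_window": lambda a: Frame(WINDOW_ID, bytes([one_int(a, "percent_open", 0, 100)])),
    "set_cabin_temp": lambda a: Frame(HVAC_ID, bytes([one_int(a, "celsius", 16, 30)])),
}

class Gateway:
    """The only component holding a bus handle; clients submit named commands."""
    def __init__(self, bus_send, min_interval=0.5):
        self._send, self._min_interval, self._last = bus_send, min_interval, {}

    def handle(self, client, command, args, now):
        build = COMMANDS.get(command)
        if build is None:  # raw frames and anything unlisted stop here
            raise Rejected(f"command not allowlisted: {command}")
        if now - self._last.get((client, command), float("-inf")) < self._min_interval:
            raise Rejected("rate limit exceeded")
        frame = build(args)  # validation completes before anything is sent
        self._last[(client, command)] = now
        self._send(frame)
        return frame

def try_request(gw, client, command, args, now):
    """Return 'sent' or the rejection reason for one request."""
    try:
        gw.handle(client, command, args, now)
        return "sent"
    except Rejected as exc:
        return f"rejected: {exc}"
```

Construct `Gateway` with the function that writes to the bus (for a dry run, a list's `append`) and call `try_request` with a client name, command, argument dict and timestamp in seconds.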

~~~
schoen
Do people who design these things end up making a lot of puns about CAN and
CANNOT?

------
macintux
> During a recent test-drive on a country road outside St. Louis, their
> steering-wheel hack sent the Jeep into a muddy ditch, and they got stuck.

Guys, either get access to a track for testing or do this virtually. Tired of
seeing them risk others' lives.

~~~
btreesOfSpring
Here is the video[0] of their St. Louis country road test. You can evaluate
the relative dangers to others accordingly.

[0] [https://youtu.be/ONDSAMfNGP0](https://youtu.be/ONDSAMfNGP0)

~~~
macintux
Honestly I don't care how remote it is. Maybe someplace in the southwest where
they have effectively unlimited visibility, but as I grumbled about after the
journalist PR stunt, they don't really know the possible outcomes of their
tinkering.

Even in a non-hacking scenario there are plenty of weird edge cases that can
arise in car computer systems. Catch any of John Hughes' talks about
QuickCheck and he'll describe finding perverse bugs that would take a
combination of specific inputs and could result in very negative outcomes for
the driver.

