
Hackers Remotely Attack a Jeep on the Highway - SpaceInvader
http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
======
tombrossman
Some questions for the researchers, or anyone else who thinks this was okay:

1) Were public roadways and speeds of 70mph absolutely necessary to demo this?

2) What was the plan if the trucker approaching at 70mph hadn't seen the Jeep
stalled early and had to swerve or panic stop, possibly crashing and injuring
themselves or others?

3) Anyone notify the Missouri State Highway Patrol about this? They may be
contacting the researchers with questions about this demo if they weren't
consulted in advance.

4) What's the plan if they trigger a bug in the car software of the people
they had tested this with earlier? The article mentions them tracking people
remotely as they attempt to learn more about the exploit.

I could go on but why bother? In case any of you think this was cool or even
remotely (no pun intended) ethical, I'd like to know if you have a problem
with letting these two test this on a loved one's car. How about they remotely
poke around your husband or wife's car and explore, as long as they promise
not to intentionally trigger anything?

If I ever learned this had been tested on a vehicle I was in, I'd make sure
this cost the researchers dearly.

EDIT: I've just phoned 'Troop C' of the Highway Patrol at their main number,
+1-636-300-2800 and they seemed pretty keen to follow up. The fact that the
vehicle was disabled where there was no shoulder, was impeding traffic, and
the demo not cleared with them in advance has them concerned. I'm all for
testing exploits and security research, but this isn't the right way to do it.
And to film it and post it to a high traffic site is nuts.

~~~
stevendhansen
Calling the police on security researchers...I honestly cannot believe this is
considered acceptable behavior. A much less aggressive (and thoughtful) move
would be to contact the researchers directly. Wow.

Back to the article, I think that this type of exploit will become more and
more common as vehicles become more connected and automated. We need to know
that we can trust the software and firmware running on the devices that
literally have the power of life and death over us. Unfortunately, this is a
VERY complicated issue, and no one has a solution yet AFAIK.

I watched a talk by Cory Doctorow last year where he suggested validation at
the hardware level (a la trusted platform modules), but unlike the typical
TPMs that only allow vendor software to be authenticated, these TPMs would
allow the user to directly authenticate the firmware. If you know the firmware
is good, then each layer can validate the next layer up all the way to the OS.

I have yet to hear of a system that allows the user to directly authenticate
software/firmware at the hardware level. Is anybody working on research of
this nature? Or are there insurmountable problems with this approach?

~~~
tombrossman
Too late to edit my original comment again so I'll post a reply here as a
general reply to those who reacted negatively to my decision to phone the
police.

While I strongly support free speech and believe security researchers should
be given some extra latitude when appropriate, what I saw was not at all
appropriate. I saw two well respected security researchers sitting in a room
like Beavis and Butthead laughing and remotely disabling a vehicle on a multi-
lane interstate highway, like it was a big joke. The reporter in the Jeep
literally says "This is dangerous" and asks urgently for help. This all filmed
and posted to Wired for the world to see, like they are proud of it.

Before working with computers I drove tractor-trailers for a while and was
lucky to achieve a million-mile safe driving award. I have a pretty good idea
of the dangers here and I know that stretch of road well, I've crossed it many
times. I know from experience that a car stopped in the middle of a multi-lane
interstate is one of the most dangerous situations you can be in. I've had
people hit me who didn't see my huge trailer with flashers on and warning
triangles out on a sunny day - it happens quite often. I've seen dozens of
people killed in situations exactly like this. You see it coming and a random
driver just plows into the stopped vehicle.

I exercised my judgement and decided to phone the local Highway Patrol office.
I've read the negative comments and I disagree, I still think it was the
correct thing to do. If you are a researcher and you do something this
dangerous, and are foolish enough to then post it on a high-traffic site like
Wired, I think you forfeit any right to a discreet warning and you deserve to
have the police show up demanding answers to some tough questions.

~~~
mod
You've seriously seen "dozens" of people killed?

~~~
pyre
Is it really inconceivable that someone who has literally driven tractor
trailers more than a million miles has seen dozens of people killed in
accidents?

~~~
throwaway342526
No, not at all. I'm just a regular middle aged driver with perhaps 300k miles
under my belt and I've passed numerous fatal accidents on the roadway.

I just sat back and tried to estimate (since of course, I don't have a CB in
my car and can't follow traffic details like a trucker) but I'd guess I've
driven past at least 5 fatalities -- and that's just fatalities I've noticed
(body on stretcher, read about it on the news later, etc)

------
hoopism
To recap the facts:

\- Man drives car on public highway @ speeds of up to 70mph

\- Hackers turn on windshield wipers and fluid to blur view

\- Hackers Blare music and obscure any comms link to driver

\- Hackers disable vehicle on Highway at location with no shoulder

And there are people who are not only ok with type of experiment but think
there should be more of it.

I understand that these exploits need to get attention... but I really can't
stop thinking about my wife and kids being behind this guy while he shows how
dangerous this can be.

I applaud the person who notified the police.

~~~
the8472
> but I really can't stop thinking about my wife and kids

What about all those wives and kids that would have been endangered if the
flaw had continued to go unfixed and exploited in a more malicious manner?

Can we please not make "BUT THINK OF THE CHILDREN" arguments? Appealing to
emotion makes arguments, well, emotional.

~~~
kbenson
The two options here are not "test on highway with other drivers" and "let
flaw exist with no testing and no exposure". There are _many_ ways to
responsibly test this while not endangering others on a public road. For
example, using a private road, a large empty parking lot, an abandoned
airforce base, the salt flats, etc.

The Mythbusters test stuff like this all the time. What do they do? Use an
abandoned airforce base or the Utah salt flats. Rule number one, _don 't
endanger the public._

~~~
yellowapple
> For example, using a private road, a large empty parking lot, an abandoned
> airforce base, the salt flats, etc.

The researchers did many of these things, according to the article. They were
ignored by auto makers.

~~~
kbenson
If you increase the danger of a situation to increase it's exposure, you can't
be surprised when that causes repercussions. I doubt they will go to jail, but
I do think alerting the authorities was the right call.

In fact, they may have been counting on that. If they _really_ want to
increase the exposure of a story, start a public debate. The easiest way to do
that? Get some public outrage going. They called this all out, they'll need to
deal with the consequences.

~~~
yellowapple
I don't disagree with you on that. The researchers (and WiReD) should
certainly be aware of the risks here, and be prepared to accept the
repercussions thereof.

On the other hand, while two wrongs don't make a right, I'm glad that the
researchers made that choice, so long as said choice results in manufacturers
actually taking car security seriously for once.

------
adamgravitis
So, it's becoming abundantly clear that vehicle companies (autos, jets...)
have approximately zero knowledge how to hire software engineers. Presumably
they're somewhat more successful hiring mechanical engineers because that's
always been their "thing".

It's all well and good for us to chuckle at the terrifying software/systems
decisions being made by these teams, but how do we address the root of the
problem? It's very clear that entire meta-categories of horrific errors are
being made at a very fundamental level. Is this a problem of outsourcing? Of
confusing "coders" with engineers?

And how do we solve it? Shame the software team such that they can never get
hired in a serious role again anywhere? Professionalize the job into a
strictly licensed regime like other branches of engineering?

Whenever I read these types of articles, my main thought has always been, "so
who, the _hell_ , wrote the code?" It'd be interesting to know their story.

~~~
kazinator
The fact that a dashboard system that controls your radio or AC has access to
cut your transmission is also a _hardware_ configuration issue. Accessories
should be physically secured from ignition and drive train. The internet
connected features of the car, in turn, should be severed from both of these.
It should not be physically possible to turn on the wipers from the embedded
processor that receives packets on the IP address of the car.

~~~
cameldrv
And what are we going to do for self-driving cars? These are almost certainly
going to rely heavily on internet access to perform basic driving functions.
Figuring out how to make complex systems like these be secure in a trustworthy
way is going to be a huge challenge as more and more critical devices are
connected to the Internet.

~~~
leereeves
No way a self driving car can rely on Internet access to "perform basic
driving functions". Lag and connection failures would kill people.

They might need Internet access for updates, in which case, there should be a
physical switch that connects the net and disables the engine.

~~~
philipw
An air gap is hardly a solution for traffic information the route planner HAS
to talk to the computer responsible for getting from A to B. In the same way
that firewalls are no longer particularly relevant, air gaps appear to be
flawed now too, the only way to solve any security issue is better code
quality..

~~~
leereeves
It's not perfect, but an air gap can help reduce the attack surface and
interval.

Better code quality is important too, of course.

I agree with cameldrv that it's going to be a challenge.

------
gortok
All the researchers and the journalist had to do was to talk to the Highway
Patrol and say, "We'd like to test this on a highway; what do we need to do to
make that happen?"

That's it. Maybe the State Patrol would say, "Sorry, there's nothing you can
do to test this here legally", or maybe they would have said, "Pay for
overtime for 10 troopers and you can do it."

The point is, we don't know. We can speculate, but we don't know.

The 'researchers' and journalist elected instead to conduct this experiment on
a state highway, in "real world" conditions, without any safety mechanisms in
place. Not only is this unethical and dangerous, it is (and should be)
illegal.

No one should stop these experiments from taking place; and the CFAA should be
amended to allow security researchers to research issues; but the problem I
have is the inherent danger in this experiment.

What would we be saying if the journalist had been killed, or a mother and her
two kids because of this? Do you think public sentiment would support security
researchers if this had turned out differently?

If anyone had gotten hurt, you'd be looking at legislation that strengthens
penalties for security researchers; not at legislation that takes security
research more seriously.

This was an extremely childish move that had the propensity to hurt our
industry more than help it. It is incumbent upon us take safety seriously in
conducting these experiments.

We can't count on level heads from outside the tech industry if we aren't
willing to show that we care about people's lives and their safety when we're
conducting these experiments.

~~~
nhf
> This was an extremely childish move that had the propensity to hurt our
> industry more than help it. It is incumbent upon us take safety seriously in
> conducting these experiments. We can't count on level heads from outside the
> tech industry if we aren't willing to show that we care about people's lives
> and their safety when we're conducting these experiments.

Agreed. I would have no problems with them doing this on a test track, closed
highway, or even a quiet road at low speeds. Even if we take the best possible
negative scenario—say, the car is disabled going at 25 miles an hour, the
driver can't handle manual steering, and then runs into someone's fence—the
insurance companies are going to throw the book at the driver when they learn
that they purposefully disabled their car and engaged in dangerous behavior on
a public street.

I'm all for pushing the boundaries of security research (there are people in
the labs all around me right now doing crazy stuff), but at least we in the
academic world get our crazy stuff signed off on by a panel of competent
experts.

------
userbinator
_All of this is possible only because Chrysler, like practically all
carmakers, is doing its best to turn the modern automobile into a smartphone._

I think this is the biggest problem. Stop making "smart" cars with all these
unnecessary features. Even if you can't resist adding entertainment or
navigation, don't ever physically connect those systems to the critical
systems like engine and transmission computers except through a one-way (to
display information) link, like it's done on airplanes.

I'm happy to have a much older vehicle with none of these "enhancements". It
has a physical throttle, hydraulic brakes, and steering linkage for which
remote hijacking is physically impossible. I can add navigation and
entertainment with a smartphone mounted on the dash. It may not be as fuel-
efficient or safe(?) as the cars today, but maybe the tradeoff is worth it.
That also suggests there could be a market for new "dumb" cars which have all
the modern improvements to engines and safety, but none of these "smart"
exploitable features.

(I'm not so paranoid as to get a mechanical EMP-proof diesel though...)

~~~
KeytarHero
It amazes me that while more and more jurisdictions are banning cell phone use
while driving, vehicle makers are increasingly resorting to touch screens for
things like stereo and climate control. When using a smartphone while driving
is illegal, how are in-vehicle touch screen controls meant to be operated by
the driver not banned?

As much as I love Tesla and what they are trying to do to the car industry,
they are the worst offenders in this. Hopefully by the time I can afford one,
there will be legislation making entirely touch-screen dashes illegal and
they'll have the usual 3 dials for climate control, that you can operate
without having to take your eyes off the road.

~~~
grkvlt
How would you like those three dials to control the rest of the car systems?
And, isn't this what BMW tried to do ages back with that single 'iButton'
control that everyone hated?

~~~
KeytarHero
Uhh, the same way almost every non-luxury car made between 1960 and 2010 did
it? A dial each for temperature, fan speed, and where the air is blowing. Plus
a button for air conditioning and/or recirculate. No touch screens, no menus.

People have been using cars without touch screens for 50+ years. The UX is a
pretty much a solved problem by this point. Yet now car manufacturers seem to
want to mess with something that worked great, just so their cars seem
cutting-edge.

~~~
grkvlt
You do understand that there is more than just climate control that can be
adjusted in a vehicle these days? There's navigation and direction finding,
traffic alerts, radar proximity warnings from other traffic, radio and
entertainment systems, telephony functions, systems monitoring and alerting
for various components, current engine and transmission ststus, location data,
environmental data...

------
tzs
DARPA researchers demonstrated this stuff on a "60 Minutes" segment a few
months ago [1]. The main difference is that they were in a large empty parking
lot so as to not unethically put non-participants in danger.

That work and earlier work (including that shown in the 2014 Black Hat
presentation by the researchers in the present article) drew interest of the
Senate [2]. Senator Markey's office produced a detailed report, and has called
for the NHTSA and the FTC to develop standards to deal with these issues (and
also the numerous privacy issues modern cars raise) [3].

[1] [http://www.cbsnews.com/news/car-hacked-
on-60-minutes/](http://www.cbsnews.com/news/car-hacked-on-60-minutes/)

[2] [http://www.cbsnews.com/news/sen-ed-markey-on-safety-
privacy-...](http://www.cbsnews.com/news/sen-ed-markey-on-safety-privacy-
concerns-for-cars-vulnerable-to-remote-hacking/)

[3]
[http://www.markey.senate.gov/imo/media/doc/2015-02-06_Markey...](http://www.markey.senate.gov/imo/media/doc/2015-02-06_MarkeyReport-
Tracking_Hacking_CarSecurity%202.pdf)

------
tantalor
Lot of comments here are accusing the "hackers" of negligence, but do not
forget the writer, camera crew, and editors of WIRED were fully in control of
the demonstration. This happened in the context of journalism, not security
research. Blame WIRED if you think they screwed up, not the folks behind the
computer.

It was up to WIRED to ensure the safety of the demonstration, and evidently
they failed given this passage,

 _After narrowly averting death by semi-trailer, I managed to roll the lame
Jeep down an exit ramp_

Seems to me they should have at the very least had a chase car trailing the
demo car with a sign, flashing lights, or flags to alert nearby drivers.

~~~
peeters
I think people are quick to single out the researchers because there is more
at stake when researchers act recklessly. When a journalist does something
reckless, it's a problem with that journalist. The Constitution protects other
journalists continuing to do what they do.

When a hacker does something reckless, it's usually painted as a problem with
all hackers. Which then fuels calls for draconian laws which would hinder
future research.

~~~
ripter
I think it's because the article clearly names the two researchers, while
WIRED is a faceless organization. It's a lot easier to get mad and blame the
one with a face.

------
jblow
This discussion is going insane.

I see lots of people arguing about the safety of how these guys conducted the
hack. Okay, sure, there is probably an issue there of some degree.

But it's a very small issue compared to the fact that hundreds of thousands of
vehicles are arbitrarily hackable _right now_ , with more rolling off the
assembly line all the time, and people are driving these around _right now_.

Why is most of the discussion here about the minor issue? Why is everyone so
eager to derail discussion from the major issue? I thought HN was trying to be
a reasonable place.

~~~
phaylon
> Why is most of the discussion here about the minor issue? Why is everyone so
> eager to derail discussion from the major issue? I thought HN was trying to
> be a reasonable place.

I find these criticisms _extremely_ reasonable. Plus, the big discussion is
not about them doing something illegal, the big discussion is about people
here being totally fine with it.

And given that the topic you (I assume) want to discuss is something along the
lines of "negligent behavior in technology", I also find it very relevant that
negligence is countered with more negligence.

~~~
jblow
They might be reasonable in isolation but are not being levied remotely in
proportion.

I just realized what the problem is: this is bikeshedding. Everyone knows
about people driving around and feels qualified to have moral indignation in
that area, whereas few people know anything about actual cars.

~~~
phaylon
No, when people's lives are at stake, I extremely disagree about calling that
"bikeshedding".

~~~
jblow
Please make an effort to read and understand my point.

Yeah, maybe there was a case when a couple peoples' lives were at stake but
nothing happened.

The real issue is that tens of thousands or hundreds of thousands of peoples'
lives are at stake RIGHT NOW, under conditions that are much less controlled
than what people are deriding as uncontrolled conditions. But people are
griping about the 1-2 instead of the 10,000-400,000.

How is this not dead simple to understand? I don't get it.

~~~
phaylon
> Please make an effort to read and understand my point.

Please don't assume disagreement implies I didn't make an effort. I understand
your point, I just vehemently disagree with it. Bringing up the word
"bikeshedding" when discussing putting people in danger of death is just
something I can not agree with.

> Yeah, maybe there was a case when a couple peoples' lives were at stake but
> nothing happened.

This is exactly why I so vehemently disagree. If we found all the people who
were in traffic with them at the time, do you think they'd agree that doing
experiments in public traffic next to them is a purely aesthetical issue?
Recklessness isn't defined by the outcome, but by the possible outcome.

> The real issue is that tens of thousands or hundreds of thousands of
> peoples' lives are at stake RIGHT NOW, under conditions that are much less
> controlled than what people are deriding as uncontrolled conditions. But
> people are griping about the 1-2 instead of the 10,000-400,000.

Yes, and I'm saying both are very important issues. Experiments on public
roads in actual traffic are something that should not ever happen. I'm also
not sure I'd put the amount of people they endangered in the 1-2 range, since
there was at least one other person in the car, one in the truck behind, and
others in the cars that passed them.

I also wouldn't go so far as calling this controlled, since that usually means
a controlled setting, safety precautions and such.

> How is this not dead simple to understand? I don't get it.

As said, I do understand, I just disagree. It would also make it much easier
to talk about this if you weren't trying to insult me and others.

I agree that the flaw itself is a very big issue. I disagree that the way the
experiment was done isn't. And nobody here is arguing that it's good that the
cars have that fault, so it's quite natural for the discussion here to be
around topics people disagree on.

You know what the perfect location and media would have been for such an
experiment? A television car show with a dedicated track and a big audience of
people driving cars.

------
adamtj
Should hackers actually kill somebody, I struggle to find a reason why the
relevant automotive engineers and their managers shouldn't be charged and
convicted of negligent homicide, or worse. After all, somebody had to make the
decision to connect a radio receiver to the CAN bus. Others are aware of the
wireless and choose not to remove it.

To be a professional is to have a duty to refuse to do stupid stuff like this,
even if it's legal and even if your job depends on it. But is it legal? Why
would we need any new laws for this? Connecting a wireless receiver to the
same network that controls a car's brakes and steering seems to me like
reckless endangerment. No need to wait for innocent people to die.

If history has shown us anything, it's that we cannot rely on software to
separate two systems sharing a network. Only physics can do that. If we must
have wireless for entertainment, then the entertainment and vehicle control
networks must be air-gapped.

This seems blindingly obvious to me. What am I missing?

~~~
rhino369
Criminal negligence is a high bar. We don't want to send people to jail for
mistakes, accidents and miscalculations.

Civil liability is a lower bar. Regular negligence is essentially not using
reasonable care. Whether air-gaping a cars computer is reasonable car would be
up for debate. But I think you'd have a good case.

Product liability is similar to negligence. It holds the builder, designers,
sellers, etc. liable for design defects. But I'm not familiar with caselaw
about how hacking vulnerabilities intersect with design flaws.

>If history has shown us anything, it's that we cannot rely on software to
separate two systems sharing a network. Only physics can do that.

Yet, a shocking number of critical systems are exposed to the internet.

------
uptown
"...whether the Internet-connected computers were properly isolated from
critical driving systems, and whether those critical systems had
“cyberphysical” components—whether digital commands could trigger physical
actions like turning the wheel or activating brakes."

Shouldn't this be the most basic design consideration for any company building
autos? The liability from litigation should bankrupt any company that doesn't
prioritize this.

~~~
marak830
Hell i thought an airgap would have been the first thing to occur. Why would
you need wireless access to non entertainment systems?

It honestly beggars belief in my opinion.

~~~
maxerickson
Remote start via cell phone is a very marketable feature.

Once you get there, doing things like turning on the heat or AC are nice tack
ons.

~~~
jon-wood
Remote start I can see the reasoning for, but remote stop just seems to be
asking for trouble.

~~~
cameldrv
The obvious but security-oblivious way to do this is to just connect the
entertainment system that has the internet connection to one of the car's
microcontroller busses. Even if it just needs to send a single command, it's
easier than adding another pin and another wire to the appropriate
microcontroller on the other end. The problem is that everything on these
busses is completely trusted, and there's no authentication. The window motor
can't tell whether the signal to roll down the window came from a switch or
from the entertainment system.

The simple solution is just to have a separate wire for everything, and source
devices that aren't supposed to control destination devices don't get those
wires connected. The problem is that the automakers went to microcontroller
busses because this creates a rats nest of wires.

The level 2 solution is have some sort of low-level filtering on the commands
that are going out from a controller on the bus, so any command that the
entertainment system sends to turn off the transmission doesn't make it onto
the bus.

The level 3 solution is to have some sort of cryptographic authentication of
entities on the bus, so that the endpoint can decide what commands it's going
to accept from what source.

As you go from level 1 to level 2 to level 3, the system is more flexible,
adaptable, and upgradable, but it's more complex, and thus more brittle to
attack. Sorting out how to handle this sort of thing is going to be a big
challenge as IoT pushes into more devices.

~~~
quonn
Encrypted and authenticated data on the bus won't happen anytime soon for cost
reasons. Filtering the commands the controller can put on the bus seams
reasonable, but would only be useful, if implemented on a second controller
(probably won't happen, either).

I think the best approach is to secure the internet connection properly. Don't
permit incoming connections at all and just permit a single outgoing TLS
connection to the server of the manufacturer, define a very simple protocol
and spend enough time to be sure the client is secure and validates
everything.

~~~
mzs
"outgoing TLS connection to the server of the manufacturer"

That is one of the principles of how Audi's system operates for security
reasons.

~~~
quonn
Interesting. It's the Blackberry way and generally a good idea.

------
jblow
Given that cars get recalled all the time for "this one part is kind of flimsy
and might break 3% of the time", I am not sure why "some guy in China can
drive your car off a cliff" is not grounds for an immediate and full recall.

If you talk to auto manufacturers in a way that they understand, they will
understand.

------
ak217
"Toyota, in particular, argued that its systems were “robust and secure”
against wireless attacks."

That's what they said about unintended acceleration. It turned out they were
lying. [http://www.edn.com/design/automotive/4423428/Toyota-s-
killer...](http://www.edn.com/design/automotive/4423428/Toyota-s-killer-
firmware--Bad-design-and-its-consequences)

------
cromulent
Previous research on this topic from 2010:

[http://www.autosec.org/pubs/cars-
oakland2010.pdf6](http://www.autosec.org/pubs/cars-oakland2010.pdf6)

Experimental Security Analysis of a Modern Automobile

"Even at speeds of up to 40 MPH on the runway, the attack packets had their
intended effect, whether it was honking the horn, killing the engine,
preventing the car from restarting, or blasting the heat. ... In particular,
we were able to release the brakes and actually prevent our driver from
braking; no amount of pressure on the brake pedal was able to activate the
brakes. Even though we expected this effect, reversed it quickly, and had a
safety mechanism in place, it was still a frightening experience for our
driver."

~~~
mzs
There is an extraneous "6" at the end of the paper url, it should instead be:

[http://www.autosec.org/pubs/cars-
oakland2010.pdf](http://www.autosec.org/pubs/cars-oakland2010.pdf)

------
floatingatoll
Please take a moment to write the NHTSA about this hack and ask them to issue
a recall for the affected vehicles.

[http://www.nhtsa.gov/Contact](http://www.nhtsa.gov/Contact)

~~~
mzs
I don't know if it will do much good, even if it did eventually lead to a
recall, FCA (parent of Jeep) is under investigation by the NHTSA for allegedly
poor handling of recalls.

[http://www.detroitnews.com/story/business/autos/chrysler/201...](http://www.detroitnews.com/story/business/autos/chrysler/2015/05/18/nhtsa-
fiat-chrysler/27531693/)

------
rebootthesystem
I revisited this thread and thought: How would I go about running these tests
and creating awareness for this issue?

A dynamometer would cover the vast majority of what they wanted to show. There
was no need to create the danger they created with this vehicle. They really
didn't know how the driver would react, "don't freak out" guarantees nothing.
A professional driver (like a stunt driver) would have been far more
appropriate.

The business about disabling the breaks should have been done a pile of hay
bundles or something like that in front of the car.

For exposure they could have contacted any number of TV stations or networks
who would have jumped on this immediately.

In all, the choices they made were reckless, stupid, dangerous and potentially
criminal. I don't doubt their tech credentials at all. They are tech-smart
people, no question about that. However, they have proven, beyond a reasonable
doubt, that they are poster children for that stereotype of socially clueless
engineers and/or the other stereotype of scientists/engineers who are so into
what they are doing that they are completely blind to the idea that they could
seriously harm people through their careless actions or inaction.

------
hoopism
Wow. Just because you are savvy enough to do the research does not make you a
researcher. These two really need to rethink the way they are "testing" this
and perhaps educate themselves on ethics in research.

Their judgement collectively was worse than a pack of 5th graders with high
grade fireworks.

~~~
jblow
I don't think you understand. Anyone in the world can do this. Right now. Any
time.

~~~
hoopism
Anyone could shoot up a public place... should amateur researches be showing
up in malls with firearms to test preparedness?

This case is even worse the the one I mentioned as there is a really easy way
to safely demonstrate this exploit.

~~~
jblow
If it were not demonstrated under real conditions, the car companies would
just say "this was a fake test not representative of real-world conditions,
isn't that true Mr. Journalist?" and the journalist would have to admit that
that was true and then they would say "Under real-world conditions our cars
are safe; customers have nothing to worry about."

This has been their playbook about everything for a long time so I don't know
why you think it would be different in this case.

~~~
ohitsdom
There is no way a "not real-world conditions" argument could be made if this
same test was done on a test track. No automaker would even try it because it
would generate even more bad press. The "researchers" did the test on a
public, in-use highway for better press/cool factor. Completely irresponsible.

~~~
jblow
Look at what Toyota did with the whole unintentional acceleration thing. About
as irresponsible as you can get.

~~~
rhino369
The ones that turned out to be mostly old people hitting the gas instead of
the accelerator?

~~~
radnor
Yeah, no. Check this out:
[http://www.edn.com/design/automotive/4423428/Toyota-s-
killer...](http://www.edn.com/design/automotive/4423428/Toyota-s-killer-
firmware--Bad-design-and-its-consequences)

~~~
nulltype
Interesting! How does Toyota's code compare to other car manufacturers?

------
Animats
This is very serious, because it can be used on a large scale and has
terrorism potential. This could be used to kill people or disrupt an entire
city. Where's Homeland Security on this? This is their job.

Meanwhile, __do not buy a Chrysler product with the "connectivity group" __.
It 's an option that costs about $500-$600.

------
Kliment
So if I'm understanding this correctly, the initial vulnerability is remote-
exploitable and relies on a firmware patch. Why wouldn't the manufacturer use
the same exploit to patch all affected vehicles rather than calling them in
for service?

~~~
maxerickson
Presumably they lack permission to do such a thing.

The researchers only experimented on a car they owned/controlled.

~~~
Kliment
The manufacturer presumably has permission to do so. As for the attackers
patching vulnerable vehicles, I hadn't thought of that, but of course that's a
possibility as well. Pretty much the definition of white hat. :)

~~~
maxerickson
Yeah, it appears they do:

[http://www.driveuconnect.com/terms/](http://www.driveuconnect.com/terms/)

(term 17)

------
laacz
I'm baffled (reporting ethics aside).

One would think that car industry would be the one which has learnt about road
safety the hard way. That experience should have manifested into extreme
caution when adopting and implementing anything new, open and complex.

Sadly it is starting to look that everything they learn, they do by trial and
error. Not by doing those things we take for granted from engineering and IT
perspective.

------
superuser2
Every single highway crash involving a loss of control is now potentially a
high-end assassination, including those that have taken place in the last few
years.

How many people do you think will be murdered this way before investigators
and the justice system catch up?

------
otikik
When I studied real time systems, it was clear that critical systems (in this
case the brakes, accelerator, wheel) needed to be in a physically separate
network from non-critical ones (music, air conditioning). I guess it must be
cheaper to build all in a single network, but it sounds irresponsible.

Also, this test should not have been done in a public road. That was
irresponsible.

~~~
mzs
There often are multiple CAN buses (though there is a push to a single high
speed bus) and the ECU (or BCM and so on) are supposed to make sure the
commands are safe. In practice they often communicate with one another
(manufactures want to sell features like remote start or use cheaper system
such as electric parking brake) and the module does not do as much
verification as it should.

------
jkot
> _The most disturbing maneuver came when they cut the Jeep’s brakes, leaving
> me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a
> ditch_

I was in that situation. No brakes, high rocks on one side, 100 meters cliff
on other side, 20km of downhill in front off me. I guess I will not be buying
Jeep anytime soon.

~~~
jerf
If you think that "drive-by-wire" is a specifically-Jeep problem, I've got
some bad news for you....

It is a safe assumption that these guys just happened to use a Jeep, and with
some work almost any modern car could have this done to it.

------
AustinDizzy
Does Wired really wonder why so many of their readers have ad blocking
software? [1] I can't even read the article on their website because every ad
I see is covering up some sort of text of the article. None of the ads have a
close, hide, or dismiss button either so I can't just go and hide them.

[1]: [http://i.imgur.com/IZymUKm.png](http://i.imgur.com/IZymUKm.png) [2]:
[http://i.imgur.com/C7LiA60.png](http://i.imgur.com/C7LiA60.png)

~~~
tdicola
Something is wrong with your browser or screen resolution. The page renders
fine in Chrome with no artifacts like that, etc.

------
bluecalm
This is scary. Malice or incompetence I think it's unacceptable for systems
handling the breaks and other crucial functions of the car to be anywhere
close to interacting with internet connection. I am going to stick to old
style cars for a while. This is really scary.

------
Tekker
I'm not going to comment on the question of whether or not the highway patrol
should have been called or not - just say I understand where poster
tombrossman was coming from.

However, I fully agree this was a ridiculous stunt. They could have gotten the
same results by demonstrating (on the highway, if they insisted) the air
conditioner going full blast, the radio, and the picture of the hackers on the
screen. Anything else (cutting transmission, obscuring visibility) should have
been saved for a safer environment. The point still would have been made.

And it's got nothing to do with the vehicle and driver itself (though I wonder
how the hackers knew the exact driving situation - was it plastered with
cameras?) - what if two unrelated vehicles got in an accident for some reason
and the test driver had to get out of the way, but couldn't?

And to make it worse, the cranked radio made it hard for the tester to
communicate with the hackers. Very dangerous stunt.

Also, and I know it was unrelated to this particular hack, but if the UConnect
recognizes voice commands (I assume so), and sends it back for processing,
then might it not also be able to bug (eavesdrop) on the car's interior?

Many disturbing revelations came out of this, and I applaud them for making it
known, but I criticize them harshly for the cavalier way they endangered
public safety.

------
peeters
I feel like, public safety aside, people should be mad at these researchers
because they give credibility to every ignorant politician, prosecutor, or
journalist out there who says that all hackers threaten the public good. How
are you supposed to draw a line between blackhat and ethical hackers when the
"ethical" ones endanger public safety all the same?

------
spaceisballer
Well luckily my Chrysler despite only being a year old does not have this
connectivity. It does have Uconnect which I despise, I keep contacting
Chrysler to demand that they offer the ability to use Apple Carplay or the
Google equivalent. To be fair there has yet to be a vehicle that has a nice
easy to use controls for radio or media.

~~~
basseq
Same situation, same sentiment. Chrysler is apparently "on the list" for
CarPlay compatibility, but across all marquees, there are only two cars you
can buy _today_ that have it installed, and both are Ferraris. (The 2015 Volvo
XC90 may have some form of CarPlay "preparation".) Don't hold your breath for
backwards compatibility.

All I really want is two things:

1\. The Voice button on my steering wheel to activate Siri. (Not the
_horrible_ UConnect voice assist.)

2\. Waze maps on screen. (UConnect navigation is shit and not worth the
price.)

------
themgt
As big of dicks as these researchers are, I just have to say, to anyone out
there working on software to run cars, airplanes, robots, other mobile
vehicles ... some day, within the next 5 or 25 years, it's pretty likely some
nut job is going to use an exploit take control of one or more of these
vehicles and crash them/use them as remote-controlled / swarm weapons,
possibly killing lots of people.

If you're writing that software, make sure you do a really, really good job on
security. Because no one wants to be the guy 'git blame' shows wrote the
exploitable feature that led to ??? deaths.

The industry really should have stringent standards that prevent ridiculous
breaches like this, I would say as well as simulators (or physical demo
vehicles) available online/open source that people can pen-test against and
win prize money. And maybe write all the code in Rust?

------
keso_77
I don't get it. Everyone seems to be either upset at the researchers for their
test or defending them. Why is no one upset at car companies putting tech in
our cars that allows for remote shutdown of said car. Is this what we bailed
them out for?

------
yodon
Hopefully people selling armored cars and armored trucks have good pen testers
on their teams. Run flat tires and armor-plated doors don't help much if an
attacker can shut down the engine and open the doors remotely.

------
ianhawes
I own a 2015 Jeep Cherokee and have poked around with Uconnect and the API
services it exposes. Theres a whole new world of exploitation (and eventually
modding) that is coming.

------
tdicola
Hah, I found it really funny as I scrolled down there's a big ad for a Fiat in
the article: [http://i.imgur.com/rSyYPO4.png](http://i.imgur.com/rSyYPO4.png)
Fiat owns Chrysler who owns Jeep... maybe not the best marketing idea to
advertise your cars in an article about exploiting them with potentially
catastrophic results.

------
jbombadil
Good luck trying to hack my 1971 Volskwagen.

------
anfedorov
_The two researchers say that even if their code makes it easier for malicious
hackers to attack unpatched Jeeps, the release is nonetheless warranted
because it allows their work to be proven through peer review._

Huh? If they have a video of their turning a care off remotely, do they really
need peer review of the details?

~~~
mzs
Yes, there have been numerous times when security researchers show video and
then the peanut gallery argues if it was staged or not. There is just no way
to be sure otherwise.

~~~
anfedorov
OK. Then you put a journalist in the video, who makes sure it wasn't staged,
and we trust them because their careers depend on their integrity.

------
thetruthseeker1
Research can be done to drive a point without making that into a drama. you
can demonstrate the science without the hollywood so to speak. I think what
was done here could have been demonstrated without the risk that was taken. I
think the risk that was taken was poor judgement.

------
a3n
I think a basic idea should be: panic stops disconnect all wireless access.

Which will probably result in lots of calls from people after they avoid
hitting a dog. But still.

~~~
alandarev
Disconnecting will not restore corrupted firmware. Once virus is there,
disconnecting just prevents data transfer.

~~~
a3n
Exactly. But at least you'd break the current control link and
possibly/hopefully be able to stop and steer.

Maybe in addition to breaking a link on a panic stop, stopping and steering
would be set to a non-commanded mode that relies less or not at all (maybe
impossible with current design?) on software commands.

~~~
maxerickson
The malicious firmware could just omit all that stuff.

I guess the disconnect could be physical/mechanical and require physical
intervention to reconnect (but cost, etc.).

------
asd
I'm willing to bet FCA wil recall all of these "UConnect" enabled vehicles
within a month to patch this. This will blow up fast.

~~~
mzs
You might lose some money:

[http://www.detroitnews.com/story/business/autos/chrysler/201...](http://www.detroitnews.com/story/business/autos/chrysler/2015/05/18/nhtsa-
fiat-chrysler/27531693/)

There is a patch available, but that is not a recall. A recall takes some time
under the best circumstances and FCA pushes back hard on expensive ones.

~~~
asd
The feds have been breathing down their necks lately due to too many defects.
I'm sure they brought the hammer down hard (behind the scenes) on this one,
thus forcing them to announce the recall this morning.

~~~
mzs
I just saw the news and came here to say you would have made a great bet,
cheers!

------
eam
Anything connected on the internet is hackable. We've seen this time after
time, so I'm not surprised.

------
upofadown
That was a lot of uninformative text to plow though...

Apparently someone has found a remote exploit that affects some model of Jeep.
It requires an attacker to find the IP address of the Jeep. Which implies that
a Jeep has an IP address. The communication between the Jeep and the world is
something called Uconnect.

~~~
Miner49er
They've also found a way to scan the Sprint network for cars connected to
Uconnect and retrieve the cars' VIN and location.

~~~
XorNot
I'm still curious if this can be done without physical access to the car in
advance. The last time one of these showed up, it was very understated that
all the remote access stuff involved reprogramming an ECU and plugging in a
phone you control.

The article doesn't provide any clear information on whether this works purely
remotely.

EDIT: Scrap that, seems it does - weird that the article doesn't lead with
that more prominently. In which case _wow_ \- pinging the network and grabbing
GPS coordinates for cars?

------
davesque
It's weird that they said the demonstration wouldn't be life threatening when
it actually was.

------
metafunctor
There's a patch available for this already:
[http://www.wired.com/2015/07/patch-chrysler-vehicle-now-
wire...](http://www.wired.com/2015/07/patch-chrysler-vehicle-now-wireless-
hacking-technique/)

------
MikeNomad
Good research by the hackers, stupid execution.

Calling the police was indeed the right thing to do.

Maybe next time, the hackers can test on the vehicles driven by the car
executives, while they are driving, have their family in the car with them,
etc.

Can't wait to see that comment thread...

------
andrey-g
I recall that last time they used a piece of hardware to connect to the CAN
bus via cellular. Are they now able to control the CAN bus via the
infotainment system? Does it have it's own cellular transmitter?

------
gregpilling
Ok, so if the Dodge Dart and the Alfa Romeo Giulietta are built on the same
platform , do they share the same vulnerability in the computer systems?

or is it more about the Uconnect than anything else ?

------
a-dub
meh. cars stall all the time. if they hadn't gone for the freakout factor with
the reporter, there wouldn't be high profile press, embarrassed automotive
executives and politicians scrambling to get a handle on the issue.

the real issue is that the automakers are producing fundamentally dangerous
vehicles and the federal government is allowing it. these vehicles could be
exploited maliciously to cause serious physical harm or death.

this is actually a problem. not some onetime stall of a jeep on the highway.

------
joncfoo7
Did anyone bother to read the full article? If so, you would find out that it
was a [somewhat] controlled experiment.

> To better simulate the experience of driving a vehicle while it’s being
> hijacked by an invisible, virtual force, Miller and Valasek refused to tell
> me ahead of time what kinds of attacks they planned to launch from Miller’s
> laptop in his house 10 miles west.

> Instead, they merely assured me that they wouldn’t do anything life-
> threatening.

> Then they told me to drive the Jeep onto the highway. “Remember, Andy,”
> Miller had said through my iPhone’s speaker just before I pulled onto the
> Interstate 64 on-ramp, “no matter what happens, don’t panic.”

~~~
bengali3
be sure to check out the video
[http://dp8hsntg6do36.cloudfront.net/55ad80d461646d4db7000005...](http://dp8hsntg6do36.cloudfront.net/55ad80d461646d4db7000005/9aca04ce-083b-4756-bda9-a37a148bf90flow.webm)

~~~
joncfoo7
All right, I concede. I did not watch the video but only read the article -
that was a bit insane of them.

When I read the article, in my mind, I pictured them driving the car on an
empty-ish highway/road. That was clearly not the case.

------
mfukar
Surprising the comments critical of how the test was performed publicly equate
exploitation with guns:

> How about they remotely poke around your husband or wife's car and explore,
> as long as they promise not to intentionally trigger anything?

> Calling the cops on a loud neighbor might not be acceptable, but calling the
> cops on a neighbor firing a gun in the general direction of your house
> certainly would be.

> Anyone could shoot up a public place... should amateur researches be showing
> up in malls with firearms to test preparedness?

The lack of sound judgement _and_ arguments is astounding.

------
siliconc0w
Last wired on this was kinda bullshit - they let the researchers install a
system on the CAN bus. Was this a legit wireless takeover?

------
bluedino
>> The attacker’s PC had been wired into the vehicles’ onboard diagnostic
port, a feature that normally gives repair technicians access to information
about the car’s electronically controlled systems.

Is this even really considered an issue?

~~~
maxerickson
Here's the context:

 _Back then, however, their hacks had a comforting limitation: The attacker’s
PC had been wired into the vehicles’ onboard diagnostic port, a feature that
normally gives repair technicians access to information about the car’s
electronically controlled systems.

A mere two years later, that carjacking has gone wireless._

So the issue is right there in the surrounding text.

------
daveloyall
So, a HN commentator apparently called the cops on these guys after reading
the Wired article.

Several commentators more or less agree, arguing that performing these tests
on the I-40 was criminally negligent.

Stop right there. Grow some balls. These guys are elite, their demo was
badass, and I've done stupider things on I-40 _for no reason_.

And wtf you called the cops? _head in hand_

~~~
Someone1234
> These guys are elite, their demo was badass, and I've done stupider things
> on I-40 for no reason.

"Elite," seriously? Is it 1995? Is the movie "Hackers" some type of
inspiration to you? I'm almost surprised you didn't go all l33t speak.

They endangered people's lives. It is as simple as that. If you too endanger
people's lives "for no reason" on I-40 I hope they get you too.

~~~
daveloyall
They demonstrated that hackers can take lives using a laptop and a cell phone.
And they displayed their own picture on the dashboard screen while doing it.

Yes, elite. I'm not bringing it back; they already did.

~~~
squeaky-clean
They could have demonstrated that in a closed parking lot, and not a real
highway.

