If you're planning to buy or rent a car anytime soon, you may want to think twice about what model you choose. A pair of security researchers has found a way to remotely control thousands of different vehicles — from the windshield wipers and radio to the (gulp) brakes.
Charlie Miller and Chris Valasek found a software vulnerability that lets them take control of Fiat Chrysler Automobiles vehicles, via a hardware chip — the same one that provides the vehicle with a wireless internet connection (used for navigation, phone calls, and as a WiFi hotspot). Miller and Valasek can control the car’s locks, lights, blinkers, windshield wipers, speedometer, and, terrifyingly, its brakes and steering (if the car is driving less than 6 MPH). Models affected by the issue include Jeeps, Fiats, Dodges, and Rams sold from late 2013 to 2015 — that's hundreds of thousands of cars currently out on our roadways.
“I have done a lot of research, but this is the first time I’ve been truly freaked out,” Miller told The New York Times in a phone interview. “When I could hack into a car in Nebraska driving down the freeway, I had that feeling. I shouldn’t be able to do this.”
Miller and Valasek aren't releasing the exact details of how they accomplished the hack (thank goodness) and have submitted a patch that would fix the issue to Chrysler Fiat. Their goal in sharing their findings was to give the public a tangible example of the dangers of hacking and the lack of internet security. They will be presenting their findings in more detail at hacking conferences in Las Vegas next month.
The hack, which WIRED demonstrated in a video, illustrates one of the greatest fears about the whole connected-home, Internet-of-Things movement: that, by connecting your entire life to the web, you open yourself to being hacked in a variety of scary and dangerous new ways.
Mat Honan previously imagined this sort of scenario for the home:
I wake up at four to some old-timey dubstep spewing from my pillows. The lights are flashing. My alarm clock is blasting Skrillex or Deadmau5 or something, I don’t know. I never listened to dubstep, and in fact the entire genre is on my banned list. You see, my house has a virus again.
As for the car issue, a spokeswoman for Fiat Chrysler said that she didn't think it was responsible of the researchers to publicly disclose this vulnerability, and that the company is constantly testing for security issues and has already distributed a software update that fixes the problem.
What about the wider issue of connected-home security? If proper precautions and constant, diligent testing aren't in place, you could find your lights, your Dropcam, or your car under the control of a hacker or malware. Really makes driving your dad's pre-internet jalopy seem safer, huh?