Cybersecurity experts hijack Jeep running at 30 mph

05 Aug 2016

Cybersecurity researchers, Charlie Miller and Chris Valasek who had digitally hijacked a Jeep over the internet a year ago (See: Security researchers hijack cars remotely) demonstrated how they could plug into the car's electronic system to hijack its steering and brake systems at the Las Vegas Black Hat security conference.

In 2015, they were able to remotely stop a car and disable its brakes when it was going below five miles per hour, but during this year's exploit the car was going at a much faster clip.

While they said what they had done was difficult, time-consuming and not something that would be widely possible for years, they also insisted that by getting the word out now, car companies could get ahead of the problem and build systems that were safer.

''Let's make this harder to do. Any technology system can be leveraged by attackers,'' said Miller, who spoke with Valasek yesterday at Black Hat, the massive computer security conference in Las Vegas.

The pair explained to the packed audience how they broke into their 2014 Jeep Cherokee's code, identified its vulnerabilities and then engaged the brakes. They then took over the steering wheel and set the parking brake even as the car was driving at speeds as high as 30 miles per hour.

"Hackers come here to show off some of their craziest hacks, but they're doing it to really raise awareness of how vulnerable these systems could be," said CNET reporter Laura Hautala.

"We are the good guys," Valasek said. "I mean the bad guys don't tell you what they're doing."

The chip on the new credit or debit card was another potential target, though it is supposed to be more secure than swiping. However, Tod Beardsley showed how small devices could steal users' account information and send it over the internet to a rigged-up ATM, as the users waited withdraw their money.

"This whole thing takes less than a minute. It's that window that allows attackers to kind of beam it... over the internet, to a device such as this," Beardsley said, holding up the small device.