In-brief: Security Ledger Editor in Chief Paul Roberts speaks with Chris Valasek, the Director of Vehicle Research at IOActive about the work he and Charlie Miller did to develop wireless based attacks that control the braking, steering and acceleration of late model Chrysler vehicles.
As you’ve probably heard, Fiat Chrysler yesterday announced that it was recalling 1.4 million vehicles following a demonstration by researchers Chris Valasek of Charlie Miller of a method for doing remote, wireless and software based attacks on critical features of Chrysler vehicles: controlling acceleration, braking and even the windshield wipers.
Security Ledger had the opportunity to speak with Chris earlier this week about his research on the Chrysler Jeep that was the subject of his demonstration. Chris talked with me at length about the work he and Charlie did to reverse engineer both the wireless UConnect technology that is used to connect Chrysler vehicles to the Internet, and then jump from UConnect to the internal CAN bus that is used to control the critical functions of the vehicles.*
Valasek said that the hacks he and Miller demonstrated took months to develop. But he also noted that the barrier to such hacks is low in many, late model connected vehicles. The biggest obstacle to hacking a vehicle, Valasek argued, may be the cost of the vehicle itself, rather than any technical impediment in the hardware or software that runs the car.
“This is like hacking web browsers 10 years ago where people are just learning about how they work and what you can do with them,” Valasek said.
But car companies should prepare for more hacks of this type, Valasek argues.
“One of our key points with this…is (that) while the manufacturer might have understood that tjos could happen remotely and you could control the radio, they probably didn’t understood that with a bunch of work you could use what’s in the head unit to gain access to physical control systems.”
Check out my conversation with Chris below:
|[soundcloud url=”https://api.soundcloud.com/tracks/216322790″ params=”color=ff5500&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false” width=”100%” height=”166″ iframe=”true” /]|
|MP3 from Security Ledger|
(*) Excuse the spotty sound quality in parts of this recording!