TOKYO — When automotive security researchers Charlie Miller and Chris Valasek take the stage Thursday morning (Aug. 4) at the Black Hat conference in Las Vegas, they will outline new methods of CAN message injection.
The two researchers, who now work for Uber’s Advanced Technology Center, will demonstrate how to physically seize control of the braking, steering, and acceleration systems in a vehicle.
In last year’s hack, which led to Chrysler’s recall of 1.4 million vehicles, Miller and Valasek focused on pulling off a “wireless attack” on the Jeep.
The two at that time exploited a Harman “head unit,” which offers a Wi-Fi hot spot — in a 2014 Jeep Cherokee — to get into the vehicle’s network. Later the hackers invaded the car through its cellular connection, via Sprint’s wireless network.
This year, the security experts turned their attention to injecting rogue messages into a vehicle’s CAN bus, which resulted in a full-speed attack on the Jeep’s steering and acceleration.
Instead of getting into the guts of a car wirelessly, Miller and Valasek this year used a laptop directly plugged into the Jeep’s CAN network through a port under its dashboard. They confirmed that they used the patched Jeep for this hack.
Prior to the duo’s presentation at Black Hat, Wired first posted a story detailing Miller and Valasek's latest Jeep hack.
Asked about the Miller/Valasek research, Chrysler’s parent company Fiat Chrysler Automobiles (FCA) asserted that the duo's attack could not have been performed remotely.
The company responded in a statement stressing, “This demonstration required a computer to be physically connected into the vehicle’s onboard diagnostic (OBD) port and present in the vehicle.” It added, “While we admire their creativity, it appears that the researchers have not identified any new remote way to compromise a 2014 Jeep Cherokee or other FCA US vehicles.”
Chrysler also added: “It is highly unlikely that this exploit could be possible through the USB port, if the vehicle software were still at the latest level.”
Chrysler couldn’t have been more wrong.
Whether Miller and Valasek’s car attack was done wirelessly or via OBD-II port is beside the point. Although Chrysler created a patch for the Jeep last year, it did not by any means close all avenues to wireless car attacks.
When EE Times asked David Uze, CEO of Trillium in Tokyo, about this on Wednesday (Aug. 3), he said, “What the second Jeep attack proved this year is that there are a large number of vehicles out there still unprotected.”
Chrysler’s patch is a firewall for the Jeep’s infotainment system, the attack surface Miller and Valasek exploited last year.
But “it’s absolutely wrong” for carmakers to think there won’t be other ways to penetrate that firewall, Uze explained.