Just a year after they caused Chrysler to recall 1.4 million Jeep Cherokee vehicles after showing how they could remotely hijack a jeep’s digital systems over the internet, Charlie Miller and Chris Valasek are back to show how it could get worse.
In the 2015 attack, they first toyed with the vehicle’s air conditioning, entertainment system and windscreen wipers, before cutting the transmission and causing the jeep to slowly come to a halt.
At the Black Hat USA 2016 conference this week the two automot
RSSJust a year after they caused 1958 Chrysler to recall 1.4 million Jeep Cherokee vehicles after showing how they could remotely hijack a jeep’s digital systems over the internet, Charlie Miller and Chris Valasek are back to show how it could get worse.
In the 2015 attack, they first toyed with the vehicle’s air conditioning, entertainment system and windscreen wipers, before cutting the transmission and causing the jeep to slowly come to a halt.
At the Black Hat USA 2016 conference this week the two automotive cybersecurity researchers will outline new methods of cyber attack against the same Jeep Cherokee they hacked last year.
According to Miller and Valasek, hackers usually inject CAN messages on to the vehicle's network. However, there are often many limitations on what actions the vehicle can be forced to perform when injecting CAN messages. While an attacker may be able to easily change the speedometer while the car is driving, he may not be able to disable the brakes or turn the steering wheel unless the car he is driving meets certain prerequisites, such as travelling below a certain speed.
In their presentation, they plan to discuss how physical, safety critical systems react to injected CAN messages and how these systems are often resilient to this type of manipulation.
They will also outline new methods of CAN message injection which can bypass many of these restrictions and demonstrate the results on the braking, steering, and acceleration systems of an automobile. They end by suggesting ways these systems could be made even more robust in future vehicles.
In the 2015 attack, they first toyed with the vehicle’s air conditioning, entertainment system and windscreen wipers, before cutting the transmission and causing the jeep to slowly come to a halt.
At the Black Hat USA 2016 conference this week the two automotive cybersecurity researchers will outline new methods of cyber attack against the same Jeep Cherokee they hacked last year.
According to Miller and Valasek, hackers usually inject CAN messages on to the vehicle's network. However, there are often many limitations on what actions the vehicle can be forced to perform when injecting CAN messages. While an attacker may be able to easily change the speedometer while the car is driving, he may not be able to disable the brakes or turn the steering wheel unless the car he is driving meets certain prerequisites, such as travelling below a certain speed.
In their presentation, they plan to discuss how physical, safety critical systems react to injected CAN messages and how these systems are often resilient to this type of manipulation.
They will also outline new methods of CAN message injection which can bypass many of these restrictions and demonstrate the results on the braking, steering, and acceleration systems of an automobile. They end by suggesting ways these systems could be made even more robust in future vehicles.
