Skip to main content

Jeep hackers return to remotely hack Cherokee’s digital systems

Just a year after they caused Chrysler to recall 1.4 million Jeep Cherokee vehicles after showing how they could remotely hijack a jeep’s digital systems over the internet, Charlie Miller and Chris Valasek are back to show how it could get worse. In the 2015 attack, they first toyed with the vehicle’s air conditioning, entertainment system and windscreen wipers, before cutting the transmission and causing the jeep to slowly come to a halt. At the Black Hat USA 2016 conference this week the two automot
August 4, 2016 Read time: 2 mins
RSSJust a year after they caused 1958 Chrysler to recall 1.4 million Jeep Cherokee vehicles after showing how they could remotely hijack a jeep’s digital systems over the internet, Charlie Miller and Chris Valasek are back to show how it could get worse.

In the 2015 attack, they first toyed with the vehicle’s air conditioning, entertainment system and windscreen wipers, before cutting the transmission and causing the jeep to slowly come to a halt.

At the Black Hat USA 2016 conference this week the two automotive cybersecurity researchers will outline new methods of cyber attack against the same Jeep Cherokee they hacked last year.

According to Miller and Valasek, hackers usually inject CAN messages on to the vehicle's network. However, there are often many limitations on what actions the vehicle can be forced to perform when injecting CAN messages. While an attacker may be able to easily change the speedometer while the car is driving, he may not be able to disable the brakes or turn the steering wheel unless the car he is driving meets certain prerequisites, such as travelling below a certain speed.

In their presentation, they plan to discuss how physical, safety critical systems react to injected CAN messages and how these systems are often resilient to this type of manipulation.

They will also outline new methods of CAN message injection which can bypass many of these restrictions and demonstrate the results on the braking, steering, and acceleration systems of an automobile. They end by suggesting ways these systems could be made even more robust in future vehicles.

For more information on companies in this article

Related Content

  • Felix Scheuter, of Haenni Instruments, on effective highway weight enforcement
    September 26, 2013
    Felix Scheuter, managing director at Haenni Instruments, the renowned Switzerland-based mobile scales manufacturer, gives World Highways his views on how best to ensure effective highway weight enforcement The main danger for any road is its gradual destruction by overloaded heavy goods vehicles (HGVs). The more frequently such vehicles use a highway, the faster it is destroyed. Mobile patrol teams using mobile weighing scales are a highly effective way to enforce weight limits aimed at protecting ro
  • Connected-car security market expected to reach US$759 million in seven years
    September 30, 2016
    With nearly 112 million vehicles now connected around the world, the global market for automotive cybersecurity is expected to grow exponentially – to US$759 million in 2023, according to a new report, Automotive Cyber-security and Connected Car, from IHS Automotive, part of business information provider IHS Markit. Connected cars are defined as those that have a connection to the internet, through telematics, an onboard modem or a paired device in the vehicle, such as a mobile phone or other device. One
  • Volvo testing smart cars that share road conditions
    February 20, 2015
    As the Drive Me project enters its second year, Volvo Cars is moving rapidly towards the aim of placing 100 self-driving cars in the hands of customers on selected roads around Gothenburg by 2017. The key to making this unprecedented leap is a complex network of sensors, cloud-based positioning systems and intelligent braking and steering technologies. Volvo Cars’ Autopilot system is designed to be reliable enough to allow the car to take over every aspect of driving in autonomous mode. The main challenge i
  • Keeping cyber criminals from your website
    November 10, 2017
    If a hacker can penetrate your website, they can do business as you. Joe Dysart explains how you and your customers may not discover the fraud for some time. In the latest twist on identity theft, hackers are clandestinely taking over business websites - and then brazenly billing visiting customers as if the sites are their own.