A 2014 Cherokee Jeep was one again compromised by the car hackers Chris Valasek and Charlie Miller. This attempt, however, involved a physical connection between the Jeep and a laptop, and the hackers` physical presence to control the car`s steering and kill its brakes.
The hack is to be presented at Black Hat Las Vegas this week in video proof-of-concept demonstrations.
Miller explains that the attack could be done with the help of a concealed device with automated and timed commands, or with remote attack via wireless link. An achievement like this, which, according to Miller, is absolutely possible, could easily be considered a vector for targeted assassination.
This attack is quite similar to other CAN bus attacks in which the hackers have managed to take control over the steering, kill the brakes and pop the locks.
There are legitimate uses for tapping CAN buses that have spawned companies which manufacture products that tap into the ports in order to display detailed fuel consumption and engine data to drivers, for example.
In one of the proof videos Miller is sitting in the Jeep`s backseat with his laptop connected to the CAN bus above the dashboard. His partner is slowly driving around him until Miller locks the Jeep`s steering wheel at 90 degrees to the right forcing it to leave the road.
The Jeep is actually the same one which the duo remotely hacked last year. During the live demonstration on US highway I-64 they damaged the engine. The car hackers disabled one of the Jeep’s electronic control units by setting it to a maintenance mode. Then they used another unit to send fake commands to the vehicle.
Miller and Valasek said they have wrote a paper, which is to be presented at Black Hat. In it they advise vehicle manufacturers to lock down CAN buses. Moreover, they have created an instruction detection system to help them detect their attacks.
