Hackers Remotely Kill a Jeep on the Highway—With Me in It

It's not fun to have your two ton SUV's brakes hacked,

just as you're parking in front of a ditch.

Okay, hold on tight.

Hold on.

Oh s*.

That's what I've learned

from Charlie Miller and Chris Valasek,

a pair of hackers who have spent the last year

developing a piece of software

that can wirelessly sabotage this 2014 Jeep Cherokee.

It hasn't been altered in any way.

There are no devices attached to it,

but like many thousands of Jeeps around the world,

it can be remotely hacked over the internet,

through a cellular connection to its entertainment system,

that would allow someone to take over its steering,

its transmission and even its brakes.

To demonstrate that, I'm going to act

as today's crash test dummy and drive it on the highway,

here in St. Louis, while Charlie and Chris

hijack its digital systems from Charlie's house, miles away.

They wouldn't tell me what they had planned,

but they assured me

that it wouldn't be anything life threatening.

Remember Andy, no matter what happens, don't panic.

[Andy] It's not the first time I'd driven a car

while it's being attacked by these two hackers,

but in 2013 they were in the back seat

and their laptops were wired into the vehicle

through a port in its dashboard.

Now they're sending the same sort of attacks remotely

and I have no idea what they might do.

He's going as fast as I've seen him, so.

First we're going to turn the fan on him.

[Charlie] Yeah, let's turn the fan on

and see if he even notices.

All right.

Something just turned on all the fans and A/C and stuff.

I didn't do that.

The tricks started small.

Oh my God!

There's a picture of Charlie and Chris in track suits

that just appeared on the dashboard.

But as I drove down the interstate,

things started getting unpleasant

and very loud.

(loud rap music)

Perfect.

I can't turn it down.

Cool.

Now the air-conditioning is blasting,

the music is blasting and I can't see anything

because of the f*ing windshield wiper fluid.

Okay, do it.

Do it.

Kill the engine.

We're killing the engine right now.

It says the ParkSense.

F*.

Actually, I can't accelerate.

I stomped on the gas, but the Jeep slowed to a crawl.

It says 43 miles an hour, but I'm not going that fast.

I turned on my hazard lights,

but I was still stuck in the right lane,

with no shoulder to escape onto.

Guys, I'm stuck on the highway.

What did he say?

I don't know. I think he's panicking.

He's not going to be able to hear us with that radio.

It's so loud.

Guys, I need the accelerator to work again.

The accelerator won't work.

It won't work.

You're doomed.

Seriously, it's f*ing dangerous.

I need to move.

You got to turn the car off.

Okay.

[Charlie] Now you should be good to go.

(truck horn honks twice)

[Charlie] A semi drove by.

All right. I'm going to pull over,

because I have PTSD.

Charlie and Chris have only tested

the full range of their attacks on a Jeep Cherokee,

but they say that hundreds of thousands

of late model Chrysler vehicles may be vulnerable

through a feature called Uconnect,

an internet connected computer in the dashboard

known as its headunit.

These cars' headunits expose a particular service

that probably they didn't want to.

It lets you do things like query it for information,

like the GPS or the VIN, or all sorts of other things

but it also lets you just run commands.

You have to first break into the car, remotely,

over the cell network and then move laterally,

if you want to do things like send CAN messages.

Those are the messages that we can use

to control things like steering,

or the windshield wipers, or braking.

They plan to release a portion of their exploit code

at the annual Black Hat hacker conference next month.

They've also alerted Chrysler,

which is issuing a security patch.

They say a lot more needs to be done

to protect a new generation of cars

that are increasingly connected to the internet

and potentially hackable.

You guys basically brought this car to a standstill

while I was driving it on the highway,

which I may never forgive you for.

That was just an experiment.

What do you think is the worst case scenario?

We wanted to point out, to show that this attack

has serious consequences for this vehicle.

We did attack you,

but we did it in as safe a way as we could.

We didn't want you to get hurt, obviously.

That's why we're working is to make sure

that we figure out vulnerabilities, weaknesses,

get them fixed.

We're only two guys with one car.

We can't look at every car.

We want to release this information

because more people like us need to be focused

on this problem.

After their stunt on the highway,

Chris and Charlie still wanted

to show me a couple of other tricks.

Below a certain speed,

they can control the Jeep's steering,

as long as it's in reverse,

pop its locks, mess with the speedometer,

and, of course, disable the brakes.

Okay, hold on tight.

Hold on.

Ah, s*.

[Chris] He's not getting out of that.

[Charlie] You don't think so?

[Chris] We're going to be doing some pushing.

[Charlie] That's how you drive in the Midwest.

New Yorkers don't know how to do that.