Granted, this time they were in the vehicle with a laptop physically connected to the CAN network via the diagnostic port. They reverse-engineered the electronic control unit (ECU) firmware, basically knocking it offline, so they could send fake CAN messages to tell the car what to do, such as slam on the brakes, jerk the steering wheel or hit the gas.
Even the most distracted driver could not help but notice a stranger in their vehicle in order to pull off the latest attacks. However, when The Register’s Darren Pauli asked if the hack could be done remotely, such as by an attacker concealing a device for automated or remote attacks via a wireless link, Miller said, “Most definitely.”
The car hackers took the Jeep out in the sticks to try out the attacks. In one attack, they whipped the steering wheel 90 degrees while the Jeep was driving at 60 mph.
In another test on a remote road that yanked the steering wheel, the Jeep ended up stuck in a muddy ditch. They told Dark Reading’s Kelly Jackson Higgins that a crop-duster spotted the disabled Jeep and called the cops, but a pickup driver stopped to help them. Valasek, who had been driving, said, “Charlie was running [the attack] in the backseat, and we curved and hit the ditch and couldn’t get out because it was super-muddy.”
“We can permanently lock the electronic parking brake so it’s permanently immobilized. Even if you restarted the car, the parking brake would be on and you would not be able to drive anywhere. We disabled all aspects of steering, so it’s super-hard to turn the wheel and even harder if you drive the car without steering [capability] … at any speed.”
On Thursday, the car hacking duo will present Advanced CAN Injection Techniques for Vehicle Networks at the Black Hat conference. The presentation will detail the techniques used in the hacks. They also have developed an anti-intrusion system capable of detecting the attacks.
http://www.networkworld.com/article/3103431/security/theyre-back-car-hackers-take-control-of-jeep-s-steering-and-braking.html
