When Wired ran the story about Charlie Miller and Chris Valasek hacking a Jeep and running it off the road last year, it was not some snappy lark. The process took several months of painstaking effort to learn the vehicle’s information system and crack the code. In the end, the two scientists (Miller has a PhD in mathematics and Valasek has a degree in computer science) figured out they had to enter the Jeep’s CAN Bus brains to reach the steering and the brakes.
Charlie Miller speaking at the 2016 ARM TechCon conference.
At a keynote talk at the ARM TechCon conference this week, Miller offered the details of the hacking and warned that vehicles will not be cyber-safe anytime soon. He started off explaining that car hacking is very recent, since hackers didn’t realize cars were vulnerable until just the last few years. “Hacking cars started in 2010. Until then, people didn’t realize there are computers in their cars. They didn’t realize that if you plug into a car, you can cut the brake lines,” said Miller, who works as an engineer at Uber. “I read the papers about the first hackings and decided this was something I wanted to do.”
Miller noted that the first car hackers entered through OnStar. “OnStar is a service that allows you to call for help. They dialed into OnStar and took over the car,” he said. “They did it in a testing track. They could lock up individual brakes, and they were able to stop the car. They didn’t release any details, so I didn't have anything to go on. They didn’t even reveal what type of car they used.”
For their first hacking, Miller and Valasek used a Ford Escape and a Toyota Prius. “We went to a car dealer and bought the cars. We hacked in and found we could control the keys and the locks,” said Miller. “We were able to control the steering. It was inconsistent, but we could do it sometimes. It would take 30 minutes.”
The Vulnerabilities Are in the Features
Through the process of hacking, Miller and Valasek learned how the data systems in cars are put together. They discovered the importance of the CAN Bus. “Cars have changed. As you add more and more features, you have all this wire in the car. That’s weight and cost, so car companies decided to create a CAN Bus so you don’t have as many wires,” said Miller. “They also moved to wireless communication such as wireless tire pressure sensors. Now you have outside signals coming into the car, and those signals have vulnerabilities that can lead to compromises from the outside world.”
The communication systems of cars became more complex with the addition of steering and braking features. “They added non-collision safety features, and that gets you close to the brakes. Parallel parking technology means a computer can control your steering, and it’s all connected together,” said Miller. “That means there is a computer attached to your brakes and steering. Once you get in, you can talk to