In the summer of 2013, I drove a Ford Escape and a Toyota Prius around a South Bend, Indiana, parking lot while they sat in the backseat with their laptops, cackling as they disabled my brakes, honked the horn, jerked the seat belt, and commandeered the steering wheel. This wasn't the first time Miller and Valasek had put me behind the wheel of a compromised car. "Remember, Andy," Miller had said through my iPhone's speaker just before I pulled onto the Interstate 64 on-ramp, "no matter what happens, don't panic." 1 Then they told me to drive the Jeep onto the highway.
Instead, they merely assured me that they wouldn't do anything life-threatening. To better simulate the experience of driving a vehicle while it's being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller's laptop in his house 10 miles west.
Their code is an automaker's nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country. The result of their work was a hacking technique-what the security industry calls a zero-day exploit-that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Louis to be Miller and Valasek's digital crash-test dummy, a willing subject on whom they could test the car-hacking research they'd been doing over the past year. The Jeep’s strange behavior wasn’t entirely unexpected.
0 kommentar(er)
