It’s time to take security on the “Internet of things” seriously. Wired reporter Andy Greenberg recently asked two hackers to prove an exploit by taking over Greenberg’s Jeep Cherokee as he drove down a highway in St. Louis, which they did to great effect:
As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.
Per Greenberg, hackers Charlie Miller and Chris Valasek were able to gain control of the vehicle remotely via its “UConnect” entertainment system, which uses cell service to provide drivers with utilities like “Vehicle Finder, Send Destination to Vehicle, a Monthly Vehicle Health Report and Vehicle Health Alert,” among others.
In a statement to The Huffington Post, Chrysler spokeswoman Alyse Tadajewski condemned Wired’s disclosure, but acknowledged their vehicles’ software is indeed “similar to a smartphone or tablet” and “can require updates for improved security protection.”
To that end, Tadajewski encouraged concerned readers to enter their vehicle information here for a patch, which can be self-installed, or to visit their dealer, who can complete the Uconnect update at no charge.
Serendipitously, the same day Wired released its article, Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) introduced a bill that would force automakers to up the IT security of their in-vehicle electronics.
Jeep isn’t alone in this, of course. As more and more devices end up communicating on the Internet, more and more are susceptible to hacks and exploits — some terrifying, as in this case, and some amusing, including:
In early 2014, an Internet security firm discovered a smart fridge was part of a compromised “botnet” of more than 100,000 Internet-enabled devices. The fridge — along with 25,000 other “smart” appliances — was responsible for sending upwards of 750,000 spam emails over a two-week period.
2. Nanny cams
File this one under “terrifying.” In August 2013, two parents in Texas woke up to the sound of a stranger taunting their 2-year-old daughter via the baby monitor in her room. The stranger knew the girl’s name, and didn’t hesitate to use indecent language. Needless to say, the cam was immediately unplugged.
3. A United Airlines flight
This hack wasn’t in pursuit of cheaper tickets — it targeted the actual plane. The FBI detained security researcher Chris Roberts in May of this year after Roberts claimed to have hacked his plane’s in-flight entertainment system, gained access to the plane’s Thrust Management Computer, and briefly forced one of the aircraft’s engines to climb. United responded by banning Roberts from its fleet and denying his claims, telling the Associated Press “we are confident our flight control systems could not be accessed through techniques he described.”
4. My Friend Cayla
This Internet-connected “smart” doll communicates with children by pushing their words through speech recognition software. Following the toy’s release in November 2014, a security researcher hacked into one and taught the doll to say a few choice words, including quoting Hannibal Lecter and Anastasia Steel from “50 Shades of Grey.”