Fears about nefarious use of IoT have moved from the theoretical to the demonstrated. A Jeep Cherokee, driven on a real expressway with traffic, was hacked and the engine shut down from a remote location, via the internet. This could easily be life threatening. It could make the problem of identity theft, a bad as it is, pale in comparison.
“Hackers remotely kill a Jeep on the Highway – With Me In it” was the title of an article by Andy Greenberg in Wired. Andy goes on to say:
“I WAS DRIVING 70 mph on the edge of downtown St. Louis when the exploit began to take hold.
Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.
As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car’s digital display: Charlie Miller and Chris Valasek, wearing their trademark track suits. A nice touch, I thought….”
Andy had willingly worked with the hackers and had been warned that they would do something like this. The time and place of the hack was unknown so that Andy could experience the effect of such a hack. It was set up in a way that it would not be life threatening. None the less, it is sobering. The hackers used the internet, through the entertainment system, to get access. Apparently there are several Jeeps that were identified that they could have hacked.
An accomplished engineer friend did not believe me when I told him the story until I showed him the article in Wired. The reality of it is backed up by Chrysler’s recall of 1,400,000 vehicles to add a software fix.
These hackers did this merely to demonstrate that it is actually possible. Previously, they had gotten little traction with their assertions that this could be done, so they had to prove it. These are the good guys. They are exposing vulnerabilities before real harm is done. Published reports indicate that they are working with Chrysler to show the deficiency and help with the fix.
I have made liberal use of the article from Wired because it is the best example of a security problem with IoT (Internet of Things) interconnectivity that I have seen. I suggest reading Wired for this and other informative articles.
The IoT is upon us and security is a major issue. If anything, this hack of a Jeep should send a warning message to everyone that security needs to be addressed. It is not clear what the role of government should be but it is clear to me that, as a consumer, I need to be aware. Perhaps it is time to write to our congressmen and ask what they are doing about the problem. I think these problems can and will be solved, but until they are, all developers must be aware of the potential problems of sloppy code. Likewise, all consumers need to be aware of potential problems and push their political leaders toward getting IoT security issues resolved.