Cybersecurity threats often seem distant, confined to the digital realm. However, the reality of these threats became alarmingly tangible in 2015 when white hat hackers demonstrated a remote takeover of a moving vehicle, specifically a Jeep Cherokee. This incident wasn’t just about digital disruption; it was a stark reminder of the potential physical dangers of automotive cybersecurity vulnerabilities.
Six years prior to the widespread attention, cybersecurity experts Charlie Miller and Chris Valasek achieved a feat that sent shockwaves through the automotive industry. They successfully executed a remote hack on a Jeep Cherokee while it was being driven on a highway. Their demonstration wasn’t subtle – they activated windshield wipers, manipulated the radio volume, and ultimately, disabled the engine, bringing the vehicle to an abrupt halt. This exploit highlighted a critical security gap, revealing that a malicious actor could potentially gain remote access to 1.4 million vehicles, seizing control of vital functions like steering and braking.
This groundbreaking 2015 Jeep hack was the result of years of dedicated research by Miller and Valasek. Their initial forays into vehicle hacking involved physically connecting to a 2010 Ford Escape and a 2010 Toyota Prius. At the time, automakers viewed these wired hacks as low-risk scenarios. However, the landscape of automotive technology was rapidly evolving. The 2010s witnessed an explosion in vehicle connectivity, sophisticated infotainment systems, and advanced driver-assistance systems (ADAS) such as automatic emergency braking and lane-keeping assist. This technological leap, while enhancing vehicle functionality and driver convenience, simultaneously broadened the attack surface for cyber threats. As vehicles became increasingly reliant on computer systems for core operations, the potential for remote exploitation grew exponentially.
The 2014 Jeep Cherokee became the hackers’ target of choice. It represented a confluence of modern automotive features, making it an ideal platform to test the limits of remote vehicle hacking.
Decoding the 2015 Jeep Cherokee Remote Hack
The process of remotely hacking the Jeep Cherokee, while complex, can be broken down into a series of stages. Miller and Valasek meticulously documented their attack chain in a comprehensive 91-page research paper.
1. Target Identification:
The initial step for the hackers was to locate and identify vulnerable vehicles. This required obtaining the target vehicle’s IP address. While methods like VIN-based tracking were considered, a more efficient approach leveraged the Sprint cellular network, to which the affected vehicles were connected. By scanning the Sprint network, attackers could identify lists of connected vehicles susceptible to the exploit.
This scanning capability raised a particularly alarming possibility: the creation of a self-propagating computer worm specifically designed for cars. Such a worm could autonomously scan for vulnerable vehicles, exploit them, and then replicate itself to infect more vehicles, creating a cascading cybersecurity threat. Miller and Valasek explicitly cautioned against such malicious applications in their paper, underscoring the severity of the vulnerability. This initial access point, whether through Wi-Fi or cellular connections, marked the beginning of the attack sequence.
2. Exploiting the Head Unit’s OMAP Chip:
Modern vehicle infotainment systems, often featuring touchscreen interfaces, are essentially specialized computers. These head units, while branded by automakers, are typically manufactured by automotive parts suppliers. The 2014 Jeep Cherokee utilized the Fiat Chrysler Automotive UConnect system, produced by Harman Kardon.
At the heart of these systems are processors like the OMAP chip. Hackers targeted this chip to inject and execute malicious code, effectively compromising the UConnect system’s intended functionality.
3. Gaining Control of the UConnect System:
Successful exploitation of the OMAP chip granted the hackers access to the UConnect system’s controls. At this stage, they could manipulate various in-cabin features, such as changing radio stations, abruptly increasing volume, and controlling the HVAC system to blast hot or cold air. While these actions were disruptive and potentially unsettling for drivers, they were largely confined to infotainment functions and did not yet extend to physical vehicle control.
4. Flashing the V850 Chip with Custom Firmware:
To gain command over physical vehicle operations, the hackers needed to bypass the head unit and target the chip responsible for interfacing with critical control modules like braking and steering. In the 2014 Jeep Cherokee, this chip was the Renesas V850.
Normally, direct access to the V850 chip from the head unit is restricted. However, Miller and Valasek ingeniously developed custom firmware that could be remotely installed onto the V850 chip through the previously exploited vulnerabilities. This custom firmware acted as a bridge, enabling communication and control between the compromised UConnect system and the vehicle’s physical control systems.
5. Executing Cyber-Physical Actions:
With the V850 chip compromised and running their custom firmware, the hackers achieved the most alarming level of control: the ability to command physical actions of the Jeep Cherokee remotely. They demonstrated the capability to manipulate steering, activate and disable brakes, control windshield wipers, shut off the engine, and even alter speedometer readings.
These cyber-physical actions had profound safety implications. In a real-world scenario, such control could be weaponized to cause serious accidents, injuries, or fatalities. The demonstration underscored the critical need to secure not just the digital interfaces of vehicles but also the underlying systems that govern physical operations. Miller and Valasek presented their findings at the DEFCON security conference in 2015, making their research and the potential dangers publicly accessible.
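Stage 4 notes that head-unit access to the control side is normally restricted. The sketch below is an added example, not code from Miller and Valasek's paper or from any vendor named here. It shows that restriction enforced as a default-deny gateway filter with drop counters for detection. The domains, CAN IDs, and limits are constructed for illustration and are not the Jeep's.

```c
#include <stdint.h>
#include <stddef.h>
/* Constructed example: bus domains and CAN IDs are illustrative only. */
enum domain { DOM_INFOTAINMENT, DOM_CHASSIS };
enum verdict { GW_FORWARD, GW_DROP_NOT_ALLOWED, GW_DROP_TOO_LONG, GW_DROP_RATE };

struct frame { enum domain src; uint32_t id; uint8_t dlc; };

struct rule {
    enum domain src;      /* domain the frame arrived from */
    uint32_t id;          /* CAN identifier allowed from that domain */
    uint8_t max_dlc;      /* longest payload accepted */
    uint32_t min_gap_ms;  /* minimum spacing between forwarded frames */
    uint32_t last_ms;     /* time the last frame was forwarded */
    int seen;             /* nonzero once last_ms is valid */
};

/* Infotainment may publish status only; no rule lets it reach an actuator ID. */
static struct rule rules[] = {
    { DOM_INFOTAINMENT, 0x3A0, 4, 100, 0, 0 },  /* hypothetical: media status */
    { DOM_INFOTAINMENT, 0x3A1, 2, 500, 0, 0 },  /* hypothetical: HVAC request */
};

static uint32_t dropped[4];  /* per-verdict counters, exported for detection */

enum verdict gw_check(const struct frame *f, uint32_t now_ms)
{
    enum verdict v = GW_DROP_NOT_ALLOWED;  /* default deny */
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        struct rule *r = &rules[i];
        if (r->src != f->src || r->id != f->id)
            continue;
        if (f->dlc > r->max_dlc)
            v = GW_DROP_TOO_LONG;
        else if (r->seen && now_ms - r->last_ms < r->min_gap_ms)
            v = GW_DROP_RATE;  /* unsigned subtraction survives timer wrap */
        else {
            r->last_ms = now_ms;
            r->seen = 1;
            v = GW_FORWARD;
        }
        break;
    }
    if (v != GW_FORWARD)
        dropped[v]++;  /* a rising count is a signal worth alerting on */
    return v;
}

uint32_t gw_dropped(enum verdict v) { return dropped[v]; }
```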
The Fallout from the Jeep Hack and Industry Response
Crucially, Miller and Valasek were ethical, white hat hackers. Their objective was to expose vulnerabilities to improve vehicle security, not to exploit them maliciously. They responsibly disclosed their findings to Chrysler (now Stellantis), the vehicle manufacturer, before making their research public.
Following a WIRED article and video showcasing the Jeep Cherokee vulnerability in 2015, Sprint swiftly blocked the network port used in the hack, effectively closing the remote access point. On the same day, Fiat Chrysler Automotive (FCA) initiated a recall of 1.4 million affected vehicles to deploy a security patch. This recall was unprecedented, marking the first instance of a physical product recall triggered by a cybersecurity vulnerability.
In 2016, the National Highway Traffic Safety Administration (NHTSA) published Cybersecurity Best Practices for Modern Vehicles, a non-binding guide for the automotive industry. This document signaled the NHTSA’s recognition of cybersecurity as a critical safety concern in the automotive sector.
NHTSA’s Stance: Towards Enhanced Automotive Cybersecurity
Currently, the automotive industry lacks mandatory cybersecurity standards, and vehicles are not assigned cybersecurity safety ratings akin to crash safety stars. However, the NHTSA’s influence in vehicle safety is substantial. The agency’s 2016 document made it clear that cybersecurity falls under its purview, even without specific Federal Motor Vehicle Safety Standards in place.
“Vehicles are cyber-physical systems and cybersecurity vulnerabilities could impact safety of life. Therefore, NHTSA’s authority would be able to cover vehicle cybersecurity, even though it is not covered by an existing Federal Motor Vehicle Safety Standard at this time. Nevertheless, motor vehicle and motor vehicle equipment manufacturers are required by the National Traffic and Motor Vehicle Safety Act, as amended, to ensure that systems are designed free of unreasonable risks to motor vehicle safety, including those that may result due to existence [sic] of potential cybersecurity vulnerabilities.”
Introduction, Cybersecurity Practices for Modern Vehicles
The NHTSA emphasized that automakers are legally obligated to ensure vehicle safety, and this responsibility extends to mitigating cybersecurity risks that could compromise safety. Cybersecurity flaws, therefore, are not merely financial risks; they are potential threats to human life, giving the NHTSA grounds to mandate recalls for cybersecurity-related safety defects.
The NHTSA’s guidance document promotes a proactive approach to automotive cybersecurity, recommending several key practices:
5.1 Layered Approach
A layered approach to vehicle cybersecurity reduces the probability of an attack’s success and mitigates the ramifications of a potential unauthorized access. …
This approach should:
- Be built upon risk-based prioritized identification and protection of safety-critical vehicle control systems and personally identifiable information
- Provide for timely detection and rapid response to potential vehicle cybersecurity incidents in the field
- Design-in methods and measures to facilitate rapid recovery from incidents when they occur
- Institutionalize methods for accelerated adoption of lessons learned across the industry through effective information sharing, such as through participation in the Auto ISAC.
This layered security approach aligns with the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, emphasizing incident response through five stages: “Identify, Protect, Detect, Respond, Recover.” This framework provides a robust structure for developing effective cybersecurity incident response plans.
6.1 Vehicle Development Process With Explicit Cybersecurity Considerations
Companies should make cybersecurity a priority by using a systematic and ongoing process to evaluate risks. This process should give explicit considerations to privacy and cybersecurity risks through the entire life-cycle of the vehicle. The life-cycle of a vehicle includes conception, design, manufacture, sale, use, maintenance, resale, and decommissioning. Safety of vehicle occupants and other road users should be of primary consideration when assessing risks.
The NHTSA stresses the integration of cybersecurity risk assessments throughout the entire vehicle lifecycle, from design to decommissioning. Proactive risk assessment is fundamental to any effective cybersecurity strategy, enabling informed decisions about security measures for connected products and services.
6.2 Leadership Priority on Product Cybersecurity
It is essential for the automotive industry to create corporate priorities and foster a culture that is prepared and able to handle increasing cybersecurity challenges. …
- Allocating dedicated resources within the organization focused on researching, investigating, implementing, testing, and validating product cybersecurity measures and vulnerabilities
- Facilitating seamless and direct communication channels through organizational ranks related to product cybersecurity matters
- Enabling an independent voice for vehicle cybersecurity related considerations within the vehicle safety design process.
The NHTSA highlights the critical role of leadership in establishing a strong cybersecurity culture within automotive organizations. Leadership commitment, resource allocation, and open communication channels are essential for effectively addressing the growing cybersecurity challenges in the automotive industry. Tesla, under Elon Musk’s leadership, serves as an example of a company prioritizing cybersecurity, implementing bug bounty programs and proactive security measures.
The Road Ahead for Automotive Cybersecurity
The 2015 Jeep Cherokee hack served as a watershed moment, bringing automotive cybersecurity into sharp focus. However, the threat landscape continues to evolve. Vehicles are becoming increasingly complex and interconnected, expanding the potential attack surface. Despite industry efforts to enhance security, the possibility of new, remotely accessible vulnerabilities remains a persistent concern.
Furthermore, the increasing integration of data collection and payment systems into vehicles introduces new cybersecurity dimensions. Vehicles are poised to collect granular GPS data and facilitate in-car payments for services like fuel and charging, as exemplified by Tesla’s Supercharger payment system. This trend transforms vehicles into repositories of sensitive personal and financial data, making them attractive targets for traditional cybercrimes like credit card theft and data breaches.
Automotive cybersecurity is a rapidly advancing field, demanding continuous vigilance and proactive security measures. For automakers and related organizations, prioritizing vehicle and connected system protection is paramount. Implementing comprehensive cybersecurity strategies, including regular cybersecurity risk assessments and adherence to industry standards like SOC 2 and ISO 27001, is crucial for bolstering the security posture of modern vehicles and safeguarding drivers in an increasingly connected world.