In July 2015, two hackers – Charlie Miller and Chris Valasek – teamed up with Wired Magazine for an interesting (and scary) experience. The hackers were going to remotely hack into a Jeep with Wired’s Andy Greenberg behind the wheel on a highway. Now the question could be, why would these hackers care to do such a thing and why does it matter? The hackers’ intent wasn’t to show why it could be done, but more of that it can be done. If hackers could easily manipulate a car, and essentially be able to control the persons in the car, then what else could hacker’s control that don’t have tight security?
The experiment started with Andy Greenberg driving 70 mph on a highway in St. Louis. The hackers seized their control by remotely tapping into the Grand Cherokee’s entertainment system – which is controlled by satellite. By having the Jeep’s computer run by satellite the hackers were able to install their hacking code (produced by Miller and Valasek within a year’s time) via the internet. Once the hackers, who were sitting comfortably on a basement couch in Miller’s home, installed the code into the car, they were able to begin manipulating the cars vents and blasted cold air at the maximum setting. Next, the radio switched on with full volume. Greenberg tried to turn off the radio manually, however was unable to do so because the computer was in full control of the hackers. This would become a problem in the long run when the hackers cut the transmission.
Greenberg pressed on the pedal, however the accelerator had completely stopped functioning. The Jeep finally lost its speed, slowing down to a crawl. Greenberg had no way to pull over as there was no shoulder on the long overpass he was stuck on. His Jeep was stuck on a lane, with cars blaring their horns at him. Throughout the experiment, Greenberg was able to communicate to the hackers, but because of the blaring radio he was unable to hear them when Valasek shouted, “You’re doomed!” Greenberg had to call the hackers and begged them to make it stop.
In the real world, one wouldn’t be able to easily communicate with hackers. And one may not be able to get them to stop hacking, even if asked politely to do so. This experiment brings a scary realization to the forefront, especially knowing that Miller and Valasek’s hacking technique – known in the security industry as zero-day exploit – can target any Jeep Cherokee, giving the hacker complete wireless control. Their code is a software that lets hackers send commands to the car’s dashboard functions, steering, brakes and transmission. The scariest thing about it all? This code can be coming from a laptop that may be across the country, making it almost impossible to catch your hackers.
This innovation has sparked interest in legislation as senators Ed Markey and Richard Blumenthal plan to introduce an automotive security bill to set new digital security standards for cars and trucks. This call to action was set by Miller and Valasek’s first automotive hack in 2013, when they hijacked Greenberg’s Ford Escape and Toyota Prius while being wired to the car’s onboard diagnostic port, a feature normally used by repair technicians to access information on the car’s electronic controlling system. Two years later, now that hacking has progressed wirelessly, this auto-hacking forestalling couldn’t be timelier.
Jeeps are not the only cars able to be manipulated. Thanks to Chrysler’s Uconnect feature that controls the vehicle’s entertainment and navigation, enables phone calls and offers a Wi-Fi hot spot, the cellular connection from this feature enables anyone who knows the car’s IP address to gain access to the car anywhere in the country. “From an attacker’s perspective, it’s a super nice vulnerability,” Miller says.
To read more about which cars are susceptible to hackers and more information about Miller and Valasek’s work, visit Andy Greenberg’s article “Hackers Remotely Kill a Jeep on the Highway – With Me in it” on Wired’s website here: http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
Three Pillars of ASI Security -
- Prepare: You cannot secure your environment until you understand where your assets are vulnerable
- Protect: Once critical assets are identified steps must be taken to secure and monitor
- Respond: A breach will happen, how an organization responds is absolutely critical
ASI Security Overview Brochure 2015
ASI System Integration, Inc. is North America’s leading independent provider of IT services, solutions, and technologies. As a leading system integrator, ASI builds world-class IT solutions that fit the unique requirements of customers. Representing the most influential OEMs in the industry, ASI rides on the cutting edge of the technology wave. That is, they know technology, where it's been, and where it's going. The solutions they represent, implement, and support are designed to launch customers from their current state into a more mature IT arena, setting them above competition. ASI strives to build quality solutions that bring efficiency, effectiveness, and return on investments.
ASI has five tightly integrated business units
Our consulting & integration portfolio offers a range of services, from strategic IT advice, to cloud consulting, and data center transformation services.
Our optimized and agile single point-of-contact solutions meet all of our clients’ sourcing, integration, deployment, and IT management requirements.
Our certified and experienced technology professionals ensure maximum system availability and minimal service disruption to our clients’ infrastructure.
- Asset Disposition Services
Our services reduce the risk, cost, and complexity associated with securely managing the disposition and return of end-of-life technology across multiple global locations in an environmentally compliant manner.
- Technology Workforce Solutions
Our technical experts and consultants link people with performance to maximize human capital in today's competitive and changing economic and social environment.