
Username comments on Open thread, Aug. 17 - Aug. 23, 2015 - Less Wrong Discussion

3 Post author: MrMind 17 August 2015 07:05AM


Comments (106)


Comment author: Username 17 August 2015 10:06:37AM * 1 point

Remote Exploitation of an Unaltered Passenger Vehicle by Dr. Charlie Miller and Chris Valasek

Target – 2014 Jeep Cherokee

The 2014 Jeep Cherokee was chosen because we felt like it would provide us the best opportunity to successfully demonstrate that a remote compromise of a vehicle could result in sending messages that could invade a driver’s privacy and perform physical actions on the attacker’s behalf. As pointed out in our previous research [6], this vehicle seemed to present fewer potential obstacles for an attacker. This is not to say that other manufacturer’s vehicles are not hackable, or even that they are more secure, only to show that with some research we felt this was our best target. Even more importantly, the Jeep fell within our budgetary constraints when adding all the technological features desired by the authors of this paper.

Network Architecture

The architecture of the 2014 Jeep Cherokee was very intriguing to us due to the fact that the head unit (Radio) is connected to both CAN buses that are implemented in the vehicle.

We speculated that if the Radio could be compromised, then we would have access to ECUs on both the CAN-IHS and CAN-C networks, meaning that messages could be sent to all ECUs that control physical attributes of the vehicle. You’ll see later in this paper that our remote compromise of the head unit does not directly lead to access to the CAN buses and further exploitation stages were necessary. With that being said, there are no CAN bus architectural restrictions, such as the steering being on a physically separate bus. If we can send messages from the head unit, we should be able to send them to every ECU on the CAN bus.

....

Conclusion

This paper was a culmination of three years of research into automotive security. In it, we demonstrated a remote attack that can be performed against many Fiat-Chrysler vehicles. The number of vehicles that were vulnerable were in the hundreds of thousands and it forced a 1.4 million vehicle recall by FCA as well as changes to the Sprint carrier network. This remote attack could be performed against vehicles located anywhere in the United States and requires no modifications to the vehicle or physical interaction by the attacker or driver. As a result of the remote attack, certain physical systems such as steering and braking are affected. We provide this research in the hopes that we can learn to build more secure vehicles in the future so that drivers can trust they are safe from a cyber attack while driving. This information can be used by manufacturers, suppliers, and security researchers to continue looking into the Jeep Cherokee and other vehicles in a community effort to secure modern automobiles.

Comment author: CellBioGuy 17 August 2015 03:16:37PM 2 points

Yet another reason to love my faithful 2007 car, on top of the hatchback and the big knob dashboard controls I don't need to look at to use with not a screen in sight.