Black Hat Las Vegas: Miller, Valasek unveil new attack, retire from car hacking

Chris Valasek and Charlie Miller presented at Black Hat 2016 (Photo by SC)

Famed car hackers Chris Valasek and Charlie Miller hung up their spikes Friday at Black Hat, announcing at the end of their presentation that they were moving on, but not before revealing a few more vulnerabilities in a Jeep Cherokee.

The pair, who made major waves last year when they showed how they could remotely take control of a Jeep's braking system, did so again this year. The difference this time around is that the hack was done at speeds over 5 mph, something the duo was unable to accomplish the first time around.

However, almost overshadowing that news was their statement that they were putting aside their car hacking research.

“We are going to hang up car hacking, someone else can pick it up,” Valasek told the crowd, with Miller encouraging others to continue their work.

Neither would say whether or not they will be attacking another project. The car hacking had been done on their own time and was mostly self-funded.

Miller and Valasek spoke before a huge crowd, explaining how they got around the speed restrictions, which enabled them to take control of the vehicle at speed. The hack was accomplished by going through the engine control unit (ECU) located in the steering column, where they were able to send signals through the adaptive cruise control mechanism to turn the car, slam on the emergency brake and turn off the power steering. Unlike last year's hack of the Jeep, this one was not accomplished remotely, but through the vehicle's CAN network, which the pair accessed through a USB port on the dashboard.

Miller said they had already shown how to remotely control the vehicle so this year they wanted to show what could be done once someone was inside the system.

Last year the two used the Jeep's audio/video system to gain entry. From there they hacked the diagnostic system to gain control. However, the diagnostic system does not allow any changes to be made at speeds over 5 mph, so by using a different entry methodology they were able to do the hack at higher speeds.

However, despite their accomplishment, there is little danger of this type of attack being pulled off in the wild.

Valasek said that even though they were successful, the hack was extremely difficult, time-consuming and expensive. He said he did not believe more than a handful of people in the world could replicate their efforts.

Miller thinks it likely that other car brands are also susceptible to this type of hack, but he could not say for certain since their research was limited to a few vehicles.

What the pair did definitively say is that the car manufacturers had not changed their attitudes when it came to accepting and dealing with being hacked. “They hate us.”

Chrysler reacted to what happened last year by applying a firmware patch and instructing Sprint to no longer send TCP/IP traffic to its cars.