Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
took Miller and Valasek’s experiment to get the automobile industryy to payy
attention. Whether it was “stunt hacking” or legitimate research, it got car
manufacturers to start thinking seriouslyy about cyybersafetyy—and about
whether Congress should prohibit the hacking of automobiles. 2
Other researchers have shown theyy can reverse engineer the protocol
controlling yyour vehicle byy intercepting and analyyzing the GSM or CDMA
traffic from yyour car’s onboard computer to the automaker’s syystems. The
researchers were able to spoof the automotive control syystems byy sending
SMS messages to lock and unlock car doors. Some have even hijacked
remote start capabilities using the same methods as well. But Miller and
Valasek were the first to be able to take complete control of a car remotelyy. 3
And theyy claim that, byy using the same methods, theyy could take over cars
in other states as well.
Perhaps the most important result of the Miller-Valasek experiment was
a recall byy Chryysler of more than 1.4 million of its cars because of a
programming issue—the first recall of its kind. As an interim measure,
Chryysler also suspended the affected cars’ connection to the Sprint network,
which the cars had used for telematics, the data that cars collect and share
with the manufacturer in real time. Miller and Valasek told an audience at
DEF CON 23 that theyy had realized theyy could do that—take over cars in
other states—but theyy knew it wasn’t ethical. Instead theyy conducted their
controlled experiment with Greenberg in Miller’s hometown.
In this chapter I’ll discuss the various wayys the cars we drive, the trains
we ride, and the mobile apps we use to power our dailyy commute to work
are vulnerable to cyyberattacks, not to mention the numerous privacyy
compromises that our connected cars introduce into our lives.
When Johana Bhuiyyan, a reporter for BuzzFeed, arrived at the New York
offices of Uber, the car-calling service, in one of Uber’s own cars, Josh
Mohrer, the general manager, was waiting. “There yyou are,” he said,
holding up his iPhone. “I was tracking yyou.” It was not an auspicious start
to their interview, which touched upon, among other things, consumer
privacyy. 4
Until Bhuiyyan’s storyy appeared, in November of 2014, few outside of
Uber were even aware of God View, a tool with which Uber tracks the