WEBVTT

1
00:00:02.956 --> 00:00:06.515
<v ->It's not fun to have your two-ton SUV's brakes hacked,</v>

2
00:00:06.515 --> 00:00:08.752
just as you're parking in front of a ditch.

3
00:00:08.752 --> 00:00:09.717
Okay, hold on tight.

4
00:00:09.717 --> 00:00:10.550
Hold on.

5
00:00:10.550 --> 00:00:11.542
Oh s*.

6
00:00:11.542 --> 00:00:12.434 line:15% 
That's what I've learned

7
00:00:12.434 --> 00:00:14.769 line:15% 
from Charlie Miller and Chris Valasek,

8
00:00:14.769 --> 00:00:16.637 line:15% 
a pair of hackers who have spent the last year

9
00:00:16.637 --> 00:00:18.138
developing a piece of software

10
00:00:18.138 --> 00:00:22.390
that can wirelessly sabotage this 2014 Jeep Cherokee.

11
00:00:22.390 --> 00:00:24.181
It hasn't been altered in any way.

12
00:00:24.181 --> 00:00:26.058
There are no devices attached to it,

13
00:00:26.058 --> 00:00:28.852 line:15% 
but like many thousands of Jeeps around the world,

14
00:00:28.852 --> 00:00:31.612 line:15% 
it can be remotely hacked over the internet,

15
00:00:31.612 --> 00:00:34.071
through a cellular connection to its entertainment system,

16
00:00:34.071 --> 00:00:36.279
that would allow someone to take over its steering,

17
00:00:36.279 --> 00:00:38.781
its transmission and even its brakes.

18
00:00:38.781 --> 00:00:40.327
To demonstrate that, I'm going to act

19
00:00:40.327 --> 00:00:43.411
as today's crash test dummy and drive it on the highway,

20
00:00:43.411 --> 00:00:45.669
here in St. Louis, while Charlie and Chris

21
00:00:45.669 --> 00:00:49.379
hijack its digital systems from Charlie's house, miles away.

22
00:00:49.379 --> 00:00:51.171
They wouldn't tell me what they had planned,

23
00:00:51.171 --> 00:00:52.004
but they assured me

24
00:00:52.004 --> 00:00:53.878
that it wouldn't be anything life-threatening.

25
00:00:53.878 --> 00:00:57.508
<v ->Remember Andy, no matter what happens, don't panic.</v>

26
00:00:57.508 --> 00:00:58.890
<v Andy>It's not the first time I'd driven a car</v>

27
00:00:58.890 --> 00:01:01.473
while it's being attacked by these two hackers,

28
00:01:01.473 --> 00:01:04.531
but in 2013 they were in the back seat

29
00:01:04.531 --> 00:01:06.351
and their laptops were wired into the vehicle

30
00:01:06.351 --> 00:01:08.742
through a port in its dashboard.

31
00:01:08.742 --> 00:01:11.192
Now they're sending the same sort of attacks remotely

32
00:01:11.192 --> 00:01:13.189
and I have no idea what they might do.

33
00:01:13.189 --> 00:01:15.521
<v ->He's going as fast as I've seen him, so.</v>

34
00:01:15.521 --> 00:01:17.409
<v ->First we're going to turn the fan on him.</v>

35
00:01:17.409 --> 00:01:18.284
<v Charlie>Yeah, let's turn the fan on</v>

36
00:01:18.284 --> 00:01:20.534
and see if he even notices.

37
00:01:21.861 --> 00:01:23.227
<v ->All right.</v>

38
00:01:23.227 --> 00:01:26.538
Something just turned on all the fans and A/C and stuff.

39
00:01:26.538 --> 00:01:28.449
I didn't do that.

40
00:01:28.449 --> 00:01:29.839
The tricks started small.

41
00:01:29.839 --> 00:01:31.265
Oh my God!

42
00:01:31.265 --> 00:01:34.430
There's a picture of Charlie and Chris in track suits

43
00:01:34.430 --> 00:01:36.424
that just appeared on the dashboard.

44
00:01:36.424 --> 00:01:37.847
But as I drove down the interstate,

45
00:01:37.847 --> 00:01:40.863
things started getting unpleasant

46
00:01:40.863 --> 00:01:42.210
and very loud.

47
00:01:42.210 --> 00:01:44.960
[loud rap music]

48
00:01:46.955 --> 00:01:47.788
Perfect.

49
00:01:49.736 --> 00:01:51.486
I can't turn it down.

50
00:01:53.330 --> 00:01:54.327
Cool.

51
00:01:54.327 --> 00:01:57.410
Now the air-conditioning is blasting,

52
00:01:58.399 --> 00:02:01.863
the music is blasting and I can't see anything

53
00:02:01.863 --> 00:02:05.300
because of the f*ing windshield wiper fluid.

54
00:02:05.300 --> 00:02:06.441
<v ->Okay, do it.</v>

55
00:02:06.441 --> 00:02:07.274
Do it.

56
00:02:07.274 --> 00:02:08.505
Kill the engine.

57
00:02:08.505 --> 00:02:11.331
<v ->We're killing the engine right now.</v>

58
00:02:11.331 --> 00:02:13.372
<v ->It says the ParkSense.</v>

59
00:02:13.372 --> 00:02:14.936
F*.

60
00:02:14.936 --> 00:02:17.103
Actually, I can't accelerate.

61
00:02:17.103 --> 00:02:20.502
I stomped on the gas, but the Jeep slowed to a crawl.

62
00:02:20.502 --> 00:02:23.817
It says 43 miles an hour, but I'm not going that fast.

63
00:02:23.817 --> 00:02:25.225
I turned on my hazard lights,

64
00:02:25.225 --> 00:02:26.805
but I was still stuck in the right lane,

65
00:02:26.805 --> 00:02:29.011
with no shoulder to escape onto.

66
00:02:29.011 --> 00:02:31.893
Guys, I'm stuck on the highway.

67
00:02:31.893 --> 00:02:32.726
<v ->What did he say?</v>

68
00:02:32.726 --> 00:02:34.392
<v ->I don't know.
I think he's panicking.</v>

69
00:02:34.392 --> 00:02:35.646
He's not going to be able to hear us with that radio.

70
00:02:35.646 --> 00:02:36.729
It's so loud.

71
00:02:38.152 --> 00:02:42.280
<v ->Guys, I need the accelerator to work again.</v>

72
00:02:42.280 --> 00:02:43.321
<v ->The accelerator won't work.</v>

73
00:02:43.321 --> 00:02:44.654
<v ->It won't work.</v>

74
00:02:45.489 --> 00:02:46.552
<v ->You're doomed.</v>

75
00:02:46.552 --> 00:02:48.075
<v ->Seriously, it's f*ing dangerous.</v>

76
00:02:48.075 --> 00:02:49.552
I need to move.

77
00:02:49.552 --> 00:02:52.044
<v ->You got to turn the car off.</v>

78
00:02:52.044 --> 00:02:52.885
<v ->Okay.</v>

79
00:02:52.885 --> 00:02:55.393
<v Charlie>Now you should be good to go.</v>

80
00:02:55.393 --> 00:02:57.517
[truck horn honks twice]

81
00:02:57.517 --> 00:02:59.086
<v Charlie>A semi drove by.</v>

82
00:02:59.086 --> 00:03:00.669
<v ->All right.
I'm going to pull over,</v>

83
00:03:00.669 --> 00:03:02.635
because I have PTSD.

84
00:03:02.635 --> 00:03:03.724
Charlie and Chris have only tested

85
00:03:03.724 --> 00:03:06.761
the full range of their attacks on a Jeep Cherokee,

86
00:03:06.761 --> 00:03:08.306
but they say that hundreds of thousands

87
00:03:08.306 --> 00:03:11.221
of late-model Chrysler vehicles may be vulnerable

88
00:03:11.221 --> 00:03:13.346
through a feature called Uconnect,

89
00:03:13.346 --> 00:03:15.692
an internet-connected computer in the dashboard

90
00:03:15.692 --> 00:03:17.315
known as its head unit.

91
00:03:17.315 --> 00:03:19.857
<v ->These cars' head units expose a particular service</v>

92
00:03:19.857 --> 00:03:22.318
that probably they didn't want to.

93
00:03:22.318 --> 00:03:25.235
It lets you do things like query it for information,

94
00:03:25.235 --> 00:03:27.623
like the GPS or the VIN, or all sorts of other things

95
00:03:27.623 --> 00:03:29.243
but it also lets you just run commands.

96
00:03:29.243 --> 00:03:31.701
<v ->You have to first break into the car, remotely,</v>

97
00:03:31.701 --> 00:03:33.579
over the cell network and then move laterally,

98
00:03:33.579 --> 00:03:36.253
if you want to do things like send CAN messages.

99
00:03:36.253 --> 00:03:38.301
Those are the messages that we can use

100
00:03:38.301 --> 00:03:39.717
to control things like steering,

101
00:03:39.717 --> 00:03:41.686
or the windshield wipers, or braking.

102
00:03:41.686 --> 00:03:43.965
<v ->They plan to release a portion of their exploit code</v>

103
00:03:43.965 --> 00:03:47.009
at the annual Black Hat hacker conference next month.

104
00:03:47.009 --> 00:03:48.514
They've also alerted Chrysler,

105
00:03:48.514 --> 00:03:50.927
which is issuing a security patch.

106
00:03:50.927 --> 00:03:52.395
They say a lot more needs to be done

107
00:03:52.395 --> 00:03:54.434
to protect a new generation of cars

108
00:03:54.434 --> 00:03:56.475
that are increasingly connected to the internet

109
00:03:56.475 --> 00:03:58.191
and potentially hackable.

110
00:03:58.191 --> 00:04:00.865
You guys basically brought this car to a standstill

111
00:04:00.865 --> 00:04:02.491
while I was driving it on the highway,

112
00:04:02.491 --> 00:04:05.209
which I may never forgive you for.

113
00:04:05.209 --> 00:04:07.412
That was just an experiment.

114
00:04:07.412 --> 00:04:09.625
What do you think is the worst-case scenario?

115
00:04:09.625 --> 00:04:12.286
<v ->We wanted to point out, to show that this attack</v>

116
00:04:12.286 --> 00:04:15.472
has serious consequences for this vehicle.

117
00:04:15.472 --> 00:04:16.972
We did attack you,

118
00:04:18.542 --> 00:04:20.309
but we did it in as safe a way as we could.

119
00:04:20.309 --> 00:04:22.127
We didn't want you to get hurt, obviously.

120
00:04:22.127 --> 00:04:23.726
That's why we're working is to make sure

121
00:04:23.726 --> 00:04:26.721
that we figure out vulnerabilities, weaknesses,

122
00:04:26.721 --> 00:04:28.052
get them fixed.

123
00:04:28.052 --> 00:04:31.180
<v ->We're only two guys with one car.</v>

124
00:04:31.180 --> 00:04:32.682
We can't look at every car.

125
00:04:32.682 --> 00:04:34.217
We want to release this information

126
00:04:34.217 --> 00:04:36.178
because more people like us need to be focused

127
00:04:36.178 --> 00:04:37.476
on this problem.

128
00:04:37.476 --> 00:04:39.367
<v ->After their stunt on the highway,</v>

129
00:04:39.367 --> 00:04:40.287
Chris and Charlie still wanted

130
00:04:40.287 --> 00:04:42.648
to show me a couple of other tricks.

131
00:04:42.648 --> 00:04:43.784
Below a certain speed,

132
00:04:43.784 --> 00:04:45.198
they can control the Jeep's steering,

133
00:04:45.198 --> 00:04:46.817
as long as it's in reverse,

134
00:04:46.817 --> 00:04:49.670
pop its locks, mess with the speedometer,

135
00:04:49.670 --> 00:04:52.587
and, of course, disable the brakes.

136
00:04:53.465 --> 00:04:54.298
Okay, hold on tight.

137
00:04:54.298 --> 00:04:55.162
Hold on.

138
00:04:55.162 --> 00:04:56.406
Ah, s*.

139
00:04:56.406 --> 00:04:57.607
<v Chris>He's not getting out of that.</v>

140
00:04:57.607 --> 00:04:58.440
<v Charlie>You don't think so?</v>

141
00:04:58.440 --> 00:05:02.357
<v Chris>We're going to be doing some pushing.</v>

142
00:05:03.543 --> 00:05:05.139
<v Charlie>That's how you drive in the Midwest.</v>

143
00:05:05.139 --> 00:05:06.521
New Yorkers don't know how to do that.

