{"id":16710,"date":"2016-11-17T22:29:32","date_gmt":"2016-11-18T03:29:32","guid":{"rendered":"https:\/\/digital.hbs.edu\/platform-rctom\/submission\/dude-wheres-my-car-car-hacking-in-the-digital-age\/"},"modified":"2016-11-17T22:29:32","modified_gmt":"2016-11-18T03:29:32","slug":"dude-wheres-my-car-car-hacking-in-the-digital-age","status":"publish","type":"hck-submission","link":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/dude-wheres-my-car-car-hacking-in-the-digital-age\/","title":{"rendered":"Dude, Where\u2019s My Car? Car Hacking in the Digital Age"},"content":{"rendered":"

Dude, Where\u2019s My Car? Car Jacking<\/span> Hacking in the Digital Age<\/strong><\/p>\n

In 2015, Chrysler recalled over 1.4 million vehicles after hackers proved that they could remotely hijack a Jeep\u2019s digital control systems over the internet.[1]<\/a> In a popular video<\/a> posted to Wired Magazine\u2019s website, hackers Charlie Miller and Chris Valasek demonstrated how they could use the internet to gain wireless control of thousands of vehicles from their laptop.[2]<\/a> Using what\u2019s known in the cyber security industry as a \u2018zero-day\u2019 exploit\u2014a previously undiscovered vulnerability in an operating system that\u2019s been there since the system was coded\u2014Chris and Charlie were able to use the 2015 Jeep Grand Cherokee\u2019s internet-connected entertainment system to send commands to the vehicle\u2019s steering, brakes, transmission, radio, and dashboard functions.[3]<\/a> To prove how powerful (and dangerous) their discovery was, the two hackers seized control of a Jeep driven by a Wired reporter in an experiment, cutting the vehicle\u2019s transmission and bringing it from 70mph to a dead-stop on a highway outside St. Louis.[4]<\/a><\/p>\n

\n\"jeep-hacked\"Photo Credit: Wired.com<\/p>\n

How is this possible you ask? The answer lies in the rush by automakers like Chrysler to \u201cturn the automobile into a smartphone.\u201d[5]<\/a> Automakers have competed with each other to offer internet connected services for entertainment, navigation and safety\u2014features that earn the companies significant recurring monthly revenue streams long after a car drives off the lot.[6]<\/a> In the push to get internet-enabled features into vehicles, automakers like Jeep parent Fiat Chrysler have generally failed to secure them from digital attack. Chris\u2019 and Charlie\u2019s discovery of a vulnerability in the \u2018UConnect\u2019 internet-connected computer found in thousands of new vehicles produced by Fiat Chrysler gave them access to the most critical functions of a vehicle.[7]<\/a> The UConnect software enables Chrysler vehicles to connect to the internet for entertainment and navigation purposes while also enabling drivers to make phone calls and have access to wifi.[8]<\/a> In all, Chris and Charlie estimate that there are as many 471,000 vehicles vulnerable to their UConnect hack.[9]<\/a><\/p>\n

\"no-hands\"Photo Credit: Wired.com<\/p>\n

How did Chris and Charlie discover a vulnerability in UConnect? Simple: they signed up for mechanics accounts on Chrysler\u2019s website and downloaded technical manuals and wiring diagrams for vehicles including the Jeep Grand Cherokee used in their demonstration.[10]<\/a> Luckily, the two hackers were cybersecurity researchers and readily shared their discovery with Chrysler, allowing the company to fix the security flaw in a massive recall.[11]<\/a> While the recall was embarrassing and costly for Chrysler, no one was hurt and the vulnerability Chris and Charlie discovered has since been fixed according to the company.[12]<\/a> But the success of the two hackers in rendering a $45,000 vehicle inoperable points to larger issues\u2014namely, why was it so easy for two researchers to find a way in?<\/p>\n

 <\/p>\n

While Chrysler quickly developed and distributed a patch to fix the zero-day exploit utilized by Chris and Charlie, the incident should serve as a wakeup call to automakers\u2014and makers of internet connected devices everywhere\u2014to the need to think about cybersecurity when designing, building and installing internet connected devices. Chris and Charlie argue that their discovery shows the need to build better protections into vehicles before automotive hacking becomes a practical threat.[13]<\/a> How has Chrysler responded? By embracing the work of the two hackers and offering an industry-first $2,500 \u201cbug bounty\u201d to hackers who inform the company of new security flaws discovered in its vehicles.[14]<\/a> But Chris and Charlie worry that automakers are moving too slow. In August of this year, just days after the hackers presented findings at the annual Black Hat conference that showed Chrysler\u2019s patch hadn\u2019t completely shut off outside access to the UConnect system, police in Houston, Texas arrested two men accused of using their laptop to steal 30 Jeeps over a six-month period.[15]<\/a> The thieves are accused of hacking Chrysler\u2019s DealerCONNECT software to reprogram vehicles\u2019 security systems to accept a generic key and remotely start them.[16]<\/a> The Department of Homeland Security estimates that over 100 Fiat Chrysler vehicles have been stolen nationwide using similar methods.[17]<\/a><\/p>\n

\n\"CharliePhoto Credit: Wired.com<\/p>\n

While there are certainly a myriad of benefits to internet-connected vehicles, including Tesla\u2019s innovative over-the-air software updates that improve vehicle functionality and emissions performance, automakers everywhere must recognize that they are responsible for protecting consumers from the dangers of connecting vehicles to the internet of things. In an age when a webcam can take down the internet (seriously<\/a>), companies everywhere must change their business and operating models to reflect this new responsibility. For automakers, these changes look like more robust testing and de-bugging of internet connected devices and a commitment to employing leading cybersecurity measures. Government regulations must also be updated to reflect the challenges posed by the internet of things. Regulations should hold automakers accountable for protecting consumer safety in the same way that they currently mandate crash-testing and seatbelt use.<\/p>\n

 <\/p>\n

(Word Count: 783)<\/p>\n

[1]<\/a> Greenberg, Andy. “Hackers Remotely Kill A Jeep On The Highway–With Me In It.”\u00a0Wired<\/em>\u00a021 July 2015<\/p>\n

[2]<\/a> Greenberg, Andy. “Hackers Remotely Kill A Jeep On The Highway–With Me In It.”\u00a0Wired<\/em>\u00a021 July 2015<\/p>\n

[3]<\/a> Greenberg, Andy. “Hackers Remotely Kill A Jeep On The Highway–With Me In It.”\u00a0Wired<\/em>\u00a021 July 2015<\/p>\n

[4]<\/a> Greenberg, Andy. “Hackers Remotely Kill A Jeep On The Highway–With Me In It.”\u00a0Wired<\/em>\u00a021 July 2015<\/p>\n

[5]<\/a> Greenberg, Andy. “Hackers Remotely Kill A Jeep On The Highway–With Me In It.”\u00a0Wired<\/em>\u00a021 July 2015<\/p>\n

[6]<\/a> Greenberg, Andy. “Hackers Remotely Kill A Jeep On The Highway–With Me In It.”\u00a0Wired<\/em>\u00a021 July 2015<\/p>\n

[7]<\/a> Greenberg, Andy. “Hackers Remotely Kill A Jeep On The Highway–With Me In It.”\u00a0Wired<\/em>\u00a021 July 2015<\/p>\n

[8]<\/a> Greenberg, Andy. “Hackers Remotely Kill A Jeep On The Highway–With Me In It.”\u00a0Wired<\/em>\u00a021 July 2015<\/p>\n

[9]<\/a> Greenberg, Andy. “Hackers Remotely Kill A Jeep On The Highway–With Me In It.”\u00a0Wired<\/em>\u00a021 July 2015<\/p>\n

[10]<\/a> Greenberg, Andy. “The Jeep Hacker Are Back to Prove Car Hacking Can Get Much Worse.”\u00a0Wired<\/em>\u00a01 Aug. 2016<\/p>\n

[11]<\/a> Greenberg, Andy. “The Jeep Hacker Are Back to Prove Car Hacking Can Get Much Worse.”\u00a0Wired<\/em>\u00a01 Aug. 2016<\/p>\n

[12]<\/a> Greenberg, Andy. “The Jeep Hacker Are Back to Prove Car Hacking Can Get Much Worse.”\u00a0Wired<\/em>\u00a01 Aug. 2016<\/p>\n

[13]<\/a> Greenberg, Andy. “The Jeep Hacker Are Back to Prove Car Hacking Can Get Much Worse.”\u00a0Wired<\/em>\u00a01 Aug. 2016<\/p>\n

[14]<\/a> Greenberg, Andy. “The Jeep Hacker Are Back to Prove Car Hacking Can Get Much Worse.”\u00a0Wired<\/em>\u00a01 Aug. 2016<\/p>\n

[15]<\/a> Lewis, Brooke A. “Police: Suspects Used Laptops to Steal Cars in Houston Area.”\u00a0Houston Chronicle<\/em>. N.p., 4 Aug. 2016. Web. 14 Nov. 2016.<\/p>\n

[16]<\/a> Lewis, Brooke A. “Police: Suspects Used Laptops to Steal Cars in Houston Area.”\u00a0Houston Chronicle<\/em>. N.p., 4 Aug. 2016. Web. 14 Nov. 2016.<\/p>\n

[17]<\/a> Lewis, Brooke A. “Police: Suspects Used Laptops to Steal Cars in Houston Area.”\u00a0Houston Chronicle<\/em>. N.p., 4 Aug. 2016. Web. 14 Nov. 2016.<\/p>\n","protected":false},"excerpt":{"rendered":"

Will hackers soon have us all saying “dude, where’s my car?”<\/p>\n","protected":false},"author":2188,"featured_media":16711,"comment_status":"open","ping_status":"closed","template":"","categories":[513,2378,2377,2309,2019,2376],"class_list":["post-16710","hck-submission","type-hck-submission","status-publish","has-post-thumbnail","hentry","category-car","category-car-hacking","category-chrysler","category-hacking","category-internet-of-things","category-jeep"],"connected_submission_link":"https:\/\/d3.harvard.edu\/platform-rctom\/assignment\/digitization-challenge-2016\/","yoast_head":"\nDude, Where\u2019s My Car? Car Hacking in the Digital Age - Technology and Operations Management<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/dude-wheres-my-car-car-hacking-in-the-digital-age\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Dude, Where\u2019s My Car? Car Hacking in the Digital Age - Technology and Operations Management\" \/>\n<meta property=\"og:description\" content=\"Will hackers soon have us all saying "dude, where's my car?"\" \/>\n<meta property=\"og:url\" content=\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/dude-wheres-my-car-car-hacking-in-the-digital-age\/\" \/>\n<meta property=\"og:site_name\" content=\"Technology and Operations Management\" \/>\n<meta property=\"og:image\" content=\"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/Car-Hackers-2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1800\" \/>\n\t<meta property=\"og:image:height\" content=\"1200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/dude-wheres-my-car-car-hacking-in-the-digital-age\\\/\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/dude-wheres-my-car-car-hacking-in-the-digital-age\\\/\",\"name\":\"Dude, Where\u2019s My Car? Car Hacking in the Digital Age - Technology and Operations Management\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/dude-wheres-my-car-car-hacking-in-the-digital-age\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/dude-wheres-my-car-car-hacking-in-the-digital-age\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2016\\\/11\\\/Car-Hackers-2.jpg\",\"datePublished\":\"2016-11-18T03:29:32+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/dude-wheres-my-car-car-hacking-in-the-digital-age\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/dude-wheres-my-car-car-hacking-in-the-digital-age\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/dude-wheres-my-car-car-hacking-in-the-digital-age\\\/#primaryimage\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2016\\\/11\\\/Car-Hackers-2.jpg\",\"contentUrl\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2016\\\/11\\\/Car-Hackers-2.jpg\",\"width\":1800,\"height\":1200,\"caption\":\"Charlie Miller (right) a security researcher at Twitter, and Chris Valasek (left), director of Vehicle Security Research at IOActive, have exposed the security vulnerabilities in automobiles by hacking into cars remotely, controlling the cars' various controls from the radio volume to the brakes. Photographed on Wednesday, July 1, 2015 in Ladue, Mo. (Photo \u00a9 Whitney Curtis for WIRED.com)\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/dude-wheres-my-car-car-hacking-in-the-digital-age\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Submissions\",\"item\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Dude, Where\u2019s My Car? Car Hacking in the Digital Age\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/#website\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/\",\"name\":\"Technology and Operations Management\",\"description\":\"MBA Student Perspectives\",\"potentialAction\":[{\"@type\":\"性视界Action\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Dude, Where\u2019s My Car? Car Hacking in the Digital Age - Technology and Operations Management","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/dude-wheres-my-car-car-hacking-in-the-digital-age\/","og_locale":"en_US","og_type":"article","og_title":"Dude, Where\u2019s My Car? Car Hacking in the Digital Age - Technology and Operations Management","og_description":"Will hackers soon have us all saying \"dude, where's my car?\"","og_url":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/dude-wheres-my-car-car-hacking-in-the-digital-age\/","og_site_name":"Technology and Operations Management","og_image":[{"width":1800,"height":1200,"url":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/Car-Hackers-2.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/dude-wheres-my-car-car-hacking-in-the-digital-age\/","url":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/dude-wheres-my-car-car-hacking-in-the-digital-age\/","name":"Dude, Where\u2019s My Car? Car Hacking in the Digital Age - Technology and Operations Management","isPartOf":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/#website"},"primaryImageOfPage":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/dude-wheres-my-car-car-hacking-in-the-digital-age\/#primaryimage"},"image":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/dude-wheres-my-car-car-hacking-in-the-digital-age\/#primaryimage"},"thumbnailUrl":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/Car-Hackers-2.jpg","datePublished":"2016-11-18T03:29:32+00:00","breadcrumb":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/dude-wheres-my-car-car-hacking-in-the-digital-age\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/d3.harvard.edu\/platform-rctom\/submission\/dude-wheres-my-car-car-hacking-in-the-digital-age\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/dude-wheres-my-car-car-hacking-in-the-digital-age\/#primaryimage","url":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/Car-Hackers-2.jpg","contentUrl":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/Car-Hackers-2.jpg","width":1800,"height":1200,"caption":"Charlie Miller (right) a security researcher at Twitter, and Chris Valasek (left), director of Vehicle Security Research at IOActive, have exposed the security vulnerabilities in automobiles by hacking into cars remotely, controlling the cars' various controls from the radio volume to the brakes. Photographed on Wednesday, July 1, 2015 in Ladue, Mo. (Photo \u00a9 Whitney Curtis for WIRED.com)"},{"@type":"BreadcrumbList","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/dude-wheres-my-car-car-hacking-in-the-digital-age\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/d3.harvard.edu\/platform-rctom\/"},{"@type":"ListItem","position":2,"name":"Submissions","item":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/"},{"@type":"ListItem","position":3,"name":"Dude, Where\u2019s My Car? Car Hacking in the Digital Age"}]},{"@type":"WebSite","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/#website","url":"https:\/\/d3.harvard.edu\/platform-rctom\/","name":"Technology and Operations Management","description":"MBA Student Perspectives","potentialAction":[{"@type":"性视界Action","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/d3.harvard.edu\/platform-rctom\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission\/16710","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission"}],"about":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/types\/hck-submission"}],"author":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/users\/2188"}],"replies":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/comments?post=16710"}],"version-history":[{"count":0,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission\/16710\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/media\/16711"}],"wp:attachment":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/media?parent=16710"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/categories?post=16710"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}