
Case study: Jeep Cherokee attack

This step discusses the famous Jeep Cherokee attack.
© Coventry University. CC BY-NC 4.0
The famous Jeep Cherokee attack in 2015 was the turning point for the automotive industry.
It was carried out by two security researchers – Charlie Miller and Chris Valasek. They were able to remotely hack the vehicle and control its functions, including the steering wheel, brakes, accelerator, wipers and radio, due to a vulnerability in the car’s entertainment system.
Before this case, many automotive manufacturers believed that it was not possible to launch remote attacks on vehicles. The Jeep Cherokee was selected due to its large attack surface, simple architecture and several advanced physical features, making it an ideal candidate. As a result of this attack, around 1.4 million vehicles were recalled.
As a starting point, Miller and Valasek (2015) targeted the multimedia system by hacking the Wi-Fi and exploiting the automatic password generation that occurs each time the car starts. Using a brute force approach, they were able to hack into the system without being in close proximity to the vehicle.
They discovered that the Wi-Fi password is generated before the actual time and date are set, so it is based on a default system time plus the few seconds during which the head unit starts.
Finally, they were able to take control over the head unit by exploiting common vulnerabilities in the software. By controlling the head unit remotely, various attacks can be launched, such as a sudden increase in the volume, or turning off GPS.
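
The password weakness described above, a value derived from a default clock plus a few boot seconds, can be measured as lost entropy. The following is an added example, not code from Miller and Valasek or from the vehicle: it assumes a hypothetical time-seeded generator, a constructed default epoch and a constructed 60-second boot window, and compares the result with a generator that draws from the operating system's CSPRNG.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_lowercase   # constructed password alphabet
LENGTH = 12                         # constructed password length
DEFAULT_EPOCH = 946_684_800         # constructed default clock (2000-01-01 UTC), not the vehicle's value
BOOT_WINDOW_S = 60                  # constructed: seconds the unit may take to start


def time_seeded_password(epoch_seconds: int) -> str:
    """Hypothetical weak generator: the password is a pure function of the clock."""
    digest = hashlib.sha256(str(epoch_seconds).encode()).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:LENGTH])


def csprng_password() -> str:
    """Hardened form: every character comes from the OS CSPRNG, independent of the clock."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def entropy_audit(default_epoch: int = DEFAULT_EPOCH, window_s: int = BOOT_WINDOW_S) -> dict:
    """Compare the nominal keyspace with what the weak generator can actually emit
    when the clock still holds its default value plus 0..window_s seconds."""
    reachable = {time_seeded_password(default_epoch + s) for s in range(window_s + 1)}
    return {
        "nominal_bits": LENGTH * math.log2(len(ALPHABET)),
        "reachable_passwords": len(reachable),
        "effective_bits": math.log2(len(reachable)),
    }


if __name__ == "__main__":
    report = entropy_audit()
    print(f"nominal keyspace : {report['nominal_bits']:.1f} bits")
    print(f"reachable values : {report['reachable_passwords']}")
    print(f"effective entropy: {report['effective_bits']:.1f} bits")
    print(f"CSPRNG sample    : {csprng_password()}")
```

The password format suggests about 56 bits of strength, but a generator seeded only by a predictable clock leaves fewer than 6 bits between the values it can actually produce; drawing each character from a CSPRNG removes the dependency on the clock altogether.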

Potential remote attack surface in Jeep Cherokee

Some of the attack points discovered by Miller and Valasek in the Jeep Cherokee are as follows: TPMS (tyre pressure monitoring system), Bluetooth, FM/AM/XM, RKE (remote keyless entry), cellular, internet through radio, RFHM (radio frequency hub) to controller area network (CAN) bus.
They exploited one of the vulnerabilities in the car infotainment system, which uses a cellular connection to provide access to the internet and other services.

Your task

Further information about the Jeep Cherokee attack can be found here.
Conduct some research to find out what other ways Miller and Valasek tried to attack the in-vehicle networks.

Reference

Miller, C., and Valasek, C. (2015) Remote Exploitation of an Unaltered Passenger Vehicle. Las Vegas: Black Hat USA
This article is from the free online

Automotive Cyber Security: An Introduction
