Chris Valasek on Hacking The Jeep Cherokee

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

If its midsummer, it must be time for hacker summer camp. The Black Hat Briefings cybersecurity conference kicks off tomorrow in Las Vegas, after a year that saw both Black Hat and DEFCON postponed. Both conferences will be held in person and online And, after a year interrupted by the COVID pandemic, 2021 promises a return to something approaching normal – if you can look past the surging Delta Variant COVID cases in and around Las Vegas. 

With the event almost upon us, we’re running an encore edition of the podcast and looking back to one of the the most significant Black Hat presentations of all time, the 2015 demonstration of a wireless, software based hack of a Chrysler Jeep Cherokee by security researchers Chris Valasek and Charlie Miller. 

In this interview from July 2015, I speak with Chis, who was then, the Director of Vehicle Research at IOActive about the work he and Charlie did to develop their wireless attack that gave them remote control the Cherokee’s braking, steering and acceleration of late model Chrysler vehicles. (Chris is now the Director of Product Security at Cruze.)

The issue is one that has taken on even more importance in the six years since this interview aired. For one thing: the role of software in modern vehicles has only grown, with software based hands free and “autonomous” driving features now common in late model vehicles. Tesla recently released FSD v9 – an update to its “fully self driving” software that – the company admits – is a bit of a misnomer. NHTSA is investigating three dozen crashes involving vehicles using driver assistance features.  

Autonomous vehicles could save more lives than they take. That might not matter.

As it has in recent years, DEFCOn will feature a Car Hacking Village this year that brings together some of the world’s top automotive cyber experts (and a lot of tinkerers) to poke holes in common vehicle hardware and software systems. With US roads being used as a test bed and drivers filling in as “crash test dummies” for companies like Tesla,…