nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Car hacking's dynamic duo offers to save others $1m in research

Miller and Valasek spread the word on hacking archive

By Iain Thomson, 25 Apr 2017

Two famed car hackers claim they can save fellow tinkerers and security researchers a lot of time and money – by handing over their tools and blueprints for free. The pair boast the gear is worth over a million bucks.

Charlie Miller and Chris Valasek were both hackers of renown before they started working together to see if the hardware and software in modern vehicles could be easily compromised. (In short: Yes.) In 2013, the pair demonstrated their skills at the DEFCON security conference, and followed up with talks in following years.

The duo eventually found a way to gain remote access to a Jeep and crashed it off the road. That incident in 2015 sparked a 1.4 million vehicle recall by Chrysler, which cost the car biz some serious coinage.

The research papers the pair have written up over the years, plus all their collected knowhow, documentation and software tools, are now online for all to download, read, use, and build upon. They should be interesting for those who might want to tweak their car's controller area network (CAN) and other systems.

The files were uploaded earlier this year, although many missed that they were available – until Valasek's tweet over the weekend.

As those who go through the archive and attended the talks will know, hacking a car may be complex, however, protecting against hackers is actually relatively simple. Back in 2014 Miller and Valasek demonstrated the Can-no-hackalator 3000, a simple intrusion-detection system that could, allegedly, defeat most hacks. Then there's the old trick of just simply physically cutting off the CAN bus from the outer world.

The fact of the matter is that the car companies just didn't take vehicle hacking seriously. Miller told your humble Reg hack that he has since been thanked by programmers at automakers for enabling them to get the budgets to do some serious penetration testing.

This is also probably going to be the last published research by the pair. Their Black Hat presentations ended last year with a final show on how to defeat the patch Chrysler had put out for their previous talk. The duo said that this would be their last such public foray into the field.

The reason is that they were both hired by car-hailing bad boy Uber last year to harden up its in-car systems, and the firm wasn't keen for them to talk about their work. Since then Miller has joined the exodus of senior staff from the troubled taxi-wannabes and has been concentrating more on his forthcoming appearance on the NBC game show American Ninja Warrior. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing