TODAY   |  July 29, 2013

Two experts demonstrate carjacking gone digital

Two tech experts, Chris Valazek and Charlie Miller, told Forbes magazine that criminals can hack into a car’s built-in computers to manipulate such gauges as the speedometer, and even take  control of the wheel. They give Carson Daly a startling demonstration on the plaza.

Share This:

This content comes from Closed Captioning that was broadcast along with this program.

>>> now with something to think about before you hop behind the wheel this morning of your car. the latest issue of forbes magazine is calling attention to what could be the auto industry 's next major problem. carjacking gone digital.

>>> buckle up, you're going to need it. it's quite terrifying when you don't have brakes, right?

>> this isn't carjacking, it's car hacking .

>> it was in reverse and trying to park itself he went out for a unique test drive with chris and charlie miller two tech geniuses who came the ultimate backseat drivers.

>> you guys both buckled up?

>> yeah.

>> i can forge that you're about to be in a wreck. by wiring into a car's dozens of built in computers that can change the gas gauge and speedometer.

>> it says we're going 199 miles per hour which is not the case.

>> even steering with an old school controller. this highlights the risk of the world going digital.

>> the directions the cars are going in is they're becoming more vulnerable.

>> toyota noted in a statement that the type of hacking shown require a physical presence inside the vehicle, partial disassembly of the instrument panel as well as hard-wired connection. all of which would be obvious.

>> we'd like to see detroit welcome hackers in to test their products and expose vulnerabilities they couldn't find themselves.

>> tests that in the knnear future could take on a new level.

>> he is a twitter engineer and chris is the director and they brought a test vehicle, a ford escape to show the potential vulnerability that cars could pose. first you're computer security guys. what makes you want to check into the vulnerability of a car?

>> i always did windows hacking stuff and dr. millers did iphone hacking and we decided to do something new. we both like cars so we figure why not automobiles.

>> some people might call it a nice party trick and one could be the ford motor company who we reached out to that have a statement that says this particular attack was not performed remotely over the air but as a highly aggressive direct physical manipulation of one vehicle which would not be a risk to customers. is there a threat or no?

>> sure. a couple of years ago they showed you can remotely attack cars. we were just following up on that research.

>> we want to see what you can do once you're inside the car's network.

>> i want to get inside the car and see the extent of it.

>> let's do it.

>> i'm going to jump in this car as a driver and let's mock up with a you are capable of doing.

>> buckle up.

>> let's just pretend i'm going to take a spin down the plaza. the car is on. we're not moving. i'm ready to go.

>> yeah, the first thing we can do is trick the odometer and speedometer.

>> there you go. it went to 100 miles per hour. and we're not going 100 miles per hour. that's one of the tricks. take your hands off the wheel. charlie will be able to turn the wheel.

>> wow.

>> we can do that while it's driving as well.

>> what is he tapping into? the there an operating system common on all cars.

>> no, it's a lot of work for an individual manufacturer and model.

>> you're sort of hard wired into this particular car. it is possible to be done remotely. research shows you can get it exploited and on the car's network.

>> i'm glad you guys are on our side.

>> yeah.

>> what else can it do?

>> the last thing we can do is completely immobilize the car. we can till tkill the engine. you can try and start the car again.

>> wow it won't start.

>> we can do that for as long as we want.

>> could you turn the engine off while i was driving.

>> yeah.

>> what did you do with this data once you started figuring it out?

>> we wanted to collect the data and put it in