tv The Communicators CSPAN December 23, 2015 6:30pm-7:01pm EST
6:30 pm
i cannot turn it down or off. the windshield wipers start to go off of their own accord and spray fluid, obscuring my vision on the highway. then two guys with track suits appear on the computer on the dashboard. it was a good demonstration of what they could do. then they took over the transmission altogether and then i cannot accelerate on a highway as cars were lining up behind me and there was an 18-wheeler in the rearview mirror honking. i almost lost it but i held together. i was begging
6:31 pm
them to make the car work again. finally they told me i just had to restart and re-engage the engine. basically i was paralyzed on that highway. i rolled off the off ramp and did get the transmission re-engaged but they had proven a point: it is a terrifying experience to have someone take control of this computer on wheels. >> host: how did they do it? >> it is a big piece of research with a lot of steps but the vulnerability is in the head unit in the dashboard known as uconnect. it
6:32 pm
has a wi-fi hotspot and one service that was not protected. so they could call into that through cellular connections over the sprint network that they attach to their computer to attack it remotely over the internet to exploit that vulnerability. from there the second step to rewrite the firmware but this time on the controller area that controls all of physical components from steering to brakes and transmissions so from there now they can send a command and they spent months without protocol or po
6:33 pm
language that they speak the same way we can trigger the automated functions. so they could at low speeds set off the diagnostic test to disable the brakes. they did it to me while i was driving around a parking lot. so i didn't crash into a ditch. but they could trigger the self parking system to turn the steering wheel and unlock the doors that could be used for theft and disable the transmission. >> host: andy greenberg how long have charlie and chris been working on this? >> they started in 2012 and they got a grant from a science-fiction wing of the pentagon working on
6:34 pm
futuristic things so they bought a couple of vehicles and in 2013 they had me come to indiana where they demonstrated first they put me inside that car, a toyota prius, and do these things and it was a preview into the future. it didn't count freddie automotive industry because they said that isn't real a package as connected to the car like -- a car like a mechanic could do but they could reverse engineer they could slam on the brakes or disable the brakes of the issue be it was so scary to be behind the wheel but it took them two more years to read greens that to a full wireless attack that is
6:35 pm
still full magnitude that somebody across the country or across the world in a different nation could attack the vehicle over the internet causing it to spread as a virus. they could have used that to spread from one chrysler vehicle to another attacking the uconnect system but potentially doing worse to do their bidding. >> host: they did not even have to be on the wi-fi network? >> this is a cellular attack with a 3g connection. but between the two of them
6:36 pm
charlie lives in st. louis, chris is in pittsburgh and chris can turn on the windshield wipers from pittsburgh to st. louis. this is a true remote. the only limitation is the sprint network. if it went to europe or china they to do with from there. >> host: why is it the sprint network. >> it is a really with the sprint network is with the uconnect computer and chrysler has had a full recall to fix that vulnerability and send out the usb to the drivers to plug into their dashboard to update their software. it is that chrysler problem with the uconnect computer
6:37 pm
if you have a 2014 chrysler vehicle with the uconnect car you should not put that in your car you should update. >> host: did chris and charlie use any special equipment or computers or off the rack? >> the hardware was simple stuff. and then to use the computer they attached the cheap android sprint-enabled phone but that is anywhere. i should be clear this isn't something anybody could do. they are brilliant hackers, one spent years working for the nsa.
6:38 pm
it is not like anonymous or teenagers in the basement so aware that they can replicate to but nonetheless it is worth noting it is something they we're doing full-time. chris works as a security consultant but charlie works for twitter at the time and this was a side project like a hobby and in three years they could develop a full remote exploit to take over the jeep if i was driving. >> host: is that vulnerability limited to uconnect in chrysler vehicles? caller: in this case yes. but it isn't a story about the jeep or chrysler but the whole automotive industry. they all have catching up to do. in 2010 academic researchers
6:39 pm
from california and san diego performed their own remote takeover. they didn't say which vehicle they were attacking. it was only revealed years later: a 2009 chevrolet sold by general motors and they told them about the whole collection of the of this they found over the internet to take over the brakes at any speed, enable one brake on the front left wheel to make the car spin out of control. it is a dangerous attack and it took gm almost five years to fully fix that vulnerability. over millions of vehicles. it is a limited to chrysler actually they were responsive compared to gm to
6:40 pm
half a decade left millions of vehicles vulnerable. there is no reason to think just chrysler or gm are vulnerable. as more vehicles are connected to the internet, there will only be more of these. every one of these features is a potential book that could be used on the highway. it is a new era that the whole industry needs to be aware of. >> host: could chris and charlie see you in realtime on the road? caller: they cannot control steering very well. they only started that development. so the transmission thing was the scariest thing that they could do at high speed. they could track with the
6:41 pm
gps and had written a little program to show my location and that is scary in a different way because there is no telling especially with intelligence agencies to develop these to use them in that manner for surveillance rather than sabotage. sometimes the automotive industry says there is evidence they have never been used on real victims but we don't know if push used by government hackers for that type of purpose. >> host: part - - how connected are our cars? >> pretty much every automaker has an interconnected system and in a partnership with a telecom carrier.
6:42 pm
in fact, gm was the first but there are others like ford and others that use uconnect. it depends so much vehicle you have and if you have the upgrade but pretty much every make has internet connected potential and that will only become more standard over the years and there will be a time in the near future where every vehicle has a connection and hopefully by then that will be properly isolated. there is no reason the brakes should have any connection with the entertainment system thrace a cellular connection. >> host: when your article came out what was the response? caller: the very first thing that happened that a
6:43 pm
pair of congressman released a piece of legislation tied to the story to basically regulate automotive cybersecurity. they swore this was not tied to the story but it came out hours later and it seems it was an attempt to piggyback on the public awareness it calls for a ratings system that is public on any new car when it is sold for the cybersecurity and how connected to the internet or how isolated are the systems or how many systems are automated or features that could be hijacked? that bill is still floating around in congress but within days chrysler announced the recall which
6:44 pm
really just means they had to send out 1.4 usb drives to their customers and publicize the fact you need to plug in to update the vehicle and within 24 hours chrysler made clear the nhtsa put pressure on them to do that. and that is the most important reaction. it sent a message to detroit and automakers around the world that there is accountability. you will face regulatory demanded a recall if you leave these vulnerabilities in your cars. what gm did to leave it with the onstar vehicle five years will not apply any more. this was a big wake-up call
6:45 pm
if your vehicles can be hacked you will face consequences and a scandal and pressure. >> host: what is the response from the car makers? caller: they don't talk very much. i hear that they are taking this very seriously and in fact, secretly they have for a few years. but they are incredibly shy to talk about problems. they had reached the stage they believe they can get more positive press with the good things they are doing than the negative press by talking about the fact they can be hacked in general. so they seem to believe in shutting up to hope the problem goes away but it will not. that is not to say they're not doing important things behind the scenes. i hear pretty much every
6:46 pm
automaker is trying to send over-the-air updates to all vehicles sold. the next time a security vulnerability is demonstrated they don't have to send out the usb drive. that is not the right way to patch software by the way. it uses that in the mail and tell them to plug that and if you're training them to fall for a trick in the future where hackers mail out drives and machines. so that is frowned upon from the security industry. that is a few bader makers already know how to do. this is the same cellular service to push out the updates and it is
6:47 pm
automatically updating itself over the air. >> host: are these liabilities because of money? was it a cost in the first place. >> all software has bugs. i would never accuse one to be cheap just because it has bugs. even google and microsoft the best in the world it seems like the endless supply of software. but the way the resources need to be spent is hiring penetration testers with the team of people that this
6:48 pm
burned quickly to have the system in a responsive way not waiting for regulators to tell you about it or waiting years for it to come to light. google has its own team of researchers. when they do they give companies three months maximum before they go public to fix it so the five years that gm spent is not acceptable and the automakers need to catch up with silicon valley standards. >> host: you referenced the democrat from massachusetts senator markey who calls for federal standards with regard to security?
6:49 pm
>> at least a federal grading system in increase in the transparency with the cybersecurity ratings to make their own choices based on that. i think that will be a difficult thing to do. to legislate cybersecurity is always difficult. i applaud the fact he is thinking about this. and maybe difficult to get serious but the closer you get to tell them what to do the more it is wrong because it is a dynamic game. you cannot just make a law to say but we should have a safety belt because it is designed to deal with a static problem of cars crashing and people need to
6:50 pm
stay where they are sitting. that problem does not adapt. if you fix one of these bugs the hacker responds to circumvent your patch. that is an adversary. is that safety vehicle that can be legislated and that would be a mistake as a continuing cat and mouse game that apple and microsoft in google that it
6:51 pm
builds its own professional team of hackers. >> host: i think i read that gm hired its first cybersecurity team? caller: right. they do have their own their chief product officer who has been much more responsive. they have shaped up. a hacker found they were not appropriately securing the connection between the android smart phone and the vehicle as it is designed to allow you to remotely unlock the vehicle and turn on the engine and they showed that it could be hijacked with a device you can plant on the vehicle to hijack the
6:52 pm
credentials so they could track the car and unlock it and recover his device or steal the car or the contents. gm learned about this and patched the smart phone vulnerability that would have allowed that within 48 hours. that is a big improvement over five years. that is much easier on the smart phone but they are taking it seriously and it is encouraging. i know when to entirely chastise the company's in general everyone is improving but it is just how fast if they are improving as fast with security they are adding or the vulnerable features. >> host: how many hackable cars are on the road today
6:53 pm
and should people who own a newer model car be afraid when they get in the car? caller: i don't know the total number of internet connected cars but in the tens of millions and i do not want to say that they should avoid the internet connected vehicle. i get a lot of comments that say i drive a '57 chevy and i get a chill because it is a dangerous attitude. it is still a future threats that could result from the in-the-wild hack of a vehicle where the safety features built into the cars over the last decade including the internet
6:54 pm
vehicles to respond in a crash there is a real present-day problem and i would never want to convince anyone to buy the older vehicle just because it doesn't have computerized components but we shouldn't have to give up and with the i found with the bid has faced virtually no now where 48 years of existence is about
6:55 pm
achieving both of these things of these important safety features. >> host: andy greenberg are there any additional features when it comes to driving? caller: of course. i asked what happens if you go from the internet connected vehicle to the autonomous vehicle? they just say everything gets worse. it puts the problem into the turbo mode to be hijacked double. now everything is automated. when you control that computer feature you control everything. you can steer entirely or the self parking
6:56 pm
feature you control just as much as a driver would in a normal car. this will be vastly more important that something the automakers or the tech companies are aware of and the two jeep hackers were hired by uber that is buying a fleet of autonomous vehicles so then what happens if they try to head that off before they're on the road. >> host: you mentioned that car companies andy
6:57 pm
greenberg have been quiet or reticent to discuss the issue? caller: they have. until the jeep hack i don't think the average american was aware of that is a two-time and smart phone but they still believed by avoiding the subject to prevent people from thinking in that way but it is part of the mainstream awareness to secure the vehicles and i have heard the research that took over the chevrolet
6:58 pm
7:00 pm