Hackers can take complete remote control of Jeep Cherokee (and other cars) (UPDATED)

Posted on Wednesday, Jul 22 2015 @ 13:39 CEST by Thomas De Maesschalck
UPDATE: July 24, 2015 @ 19:36 CET
Fiat Chrysler announced a massive recall to update the software in up to 1.4 million affected vehicles. The following vehicles with the firm's uConnect system need to receive a software update:
  • 2013-2015 MY Dodge Viper specialty vehicles
  • 2013-2015 Ram 1500, 2500 and 3500 pickups
  • 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
  • 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
  • 2014-2015 Dodge Durango SUVs
  • 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
  • 2015 Dodge Challenger sports coupes

  • Andy Greenberg from Wired teamed up with security experts Charlie Miller and Chris Valasek and received a first-hand experience of the danger of connected cars. Greenberg drove around in a Jeep Cherokee, one of the Fiat Chrysler cars that comes with Uconnect, an Internet connected computer feature that was introduced in late 2013.

    Using nothing more than a laptop and a cell phone, Miller and Valasek demonstrated near total control over the car. Not only could they remotely toy with the air conditioning, the onboard entertainment system and the windshield wipers - that would be worse enough - they also had no trouble cutting the transmission, abruptly engage the brakes, or disable them altogether. When the car is in reverse, Miller and Valasek could even control the steering wheel.
    The attack tools Miller and Valasek developed can remotely trigger more than the dashboard and transmission tricks they used against me on the highway. They demonstrated as much on the same day as my traumatic experience on I-64; After narrowly averting death by semi-trailer, I managed to roll the lame Jeep down an exit ramp, re-engaged the transmission by turning the ignition off and on, and found an empty lot where I could safely continue the experiment.

    Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch. The researchers say they’re working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in reverse. Their hack enables surveillance too: They can track a targeted Jeep’s GPS coordinates, measure its speed, and even drop pins on a map to trace its route.

    As many as 471,000 cars with the vulnerable Uconnect system are at risk of a similar attack. Fortunately, a patch is already available. You can download it over here but you need to manually install it via USB.

    About the Author

    Thomas De Maesschalck

    Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

    Loading Comments