Back in 2013 these two guys hacked a Toyota Prius while they were riding in the back seat. Now they’re back, and this time they’ve remotely hacked a Jeep Cherokee. They did this by attacking the car’s Uconnect system, which provides internet access.
They were able to control minor things such as radio volume and HVAC controls. They could play with the Jeep’s windscreen wipers and, worryingly, they could control the steering, the brakes and cut all engine power.
Watch the clip below and see Miller and Valasek play with their 1:1 remote control toy. All well and good unless you happen to be Andy Greenberg and thinking you’re actually in control of the car while you’re out on public roads.
“There are hundreds of thousands of cars that are vulnerable on the road right now,” Charlie Miller claims.
For their part Fiat Chrysler say they have released a free security patch that resolves any vulnerability but somewhat dismissively added: “Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorised and unlawful access to vehicle systems.”
UPDATE: FCA Australia has just released a statement confirming the release of a new security patch. Furthermore, because Uconnect is not available outside the US, no locally sold cars are affected by this cybersecurity issue.
FCA Australia statement: Jeep Cherokee UConnect
22 July 2015 – FCA USA was made aware of a potential issue within the UConnect’s external cellular connection. On July 16, owners of vehicles with this UConnect feature were notified of an update that has now resolved this wireless connection issue.
FCA USA has a dedicated team from System Quality Engineering focused on identifying and implementing software best practices. The team’s responsibilities include development and implementation of cybersecurity standards for all vehicle content, including on-board and remote services.
As such, FCA released a software update that offers customers improved vehicle electronic security and communications system enhancements. The Company monitors and tests the information systems of all of its products to identify and eliminate vulnerabilities in the ordinary course of business.
No vehicles in Australia nor any international market outside of the USA were affected by this issue, as it is an American-only system not present in Australian vehicles. Vehicles sold in Australia and other international markets are not equipped with an external cellular connection.