Jeep Cherokee gets hacked, allowing remote access

Fiat Chrysler are recalling 1.4 million vehicles for a software update after hackers were able to take control of a Jeep Cherokee in what could be a potentially fatal vulnerability.

We have, a number of times, discussed a concept called “The Internet of Things”, a futuristic vision where almost everything is connected to the Internet and is able to both receive and transmit information across it.

It is a vision which many believe is an inevitable destination to which we are already heading. Even now we have so many devices that have the ability to connect online that couldn’t only a short time ago, such as mobile phones, TVs and medical devices.

The Internet of Things comes attached with a stark warning from security analysts. Not only is your PC or laptop at risk of digital intrusion, but everything that is connected to cyberspace, no matter how secure we think they are.

And if the Internet of Things becomes a realisation, that means almost everything around you could be at risk. Even the car that you drive.

And this was made ever-so-apparent this week when Wired writer Andy Greenberg went to visit two security researchers, Charlie Miller and Chris Valasek. Andy was told to drive a Jeep Cherokee the two researchers had with them, and what the pair of researchers could do via their laptop was genuinely worrying.


Sponsored Content. Continued below...




As Greenberg would soon realise, Miller and Valasek could do pretty much anything to the Jeep, from messing with the AC and radio to completely killing the engine. Basically, it would have been easy for them to cause a crash if they had wanted.

Luckily that never happened, since Miller and Valasek could be described as “white hat” hackers – i.e. they test potentially vulnerable weaknesses and report their findings, without malicious intent. And their findings have led to Fiat Chrysler recalling 1.4 million vehicles listed below from the US –

2013-2015 MY Dodge Viper specialty vehicles
2013-2015 Ram 1500, 2500 and 3500 pickups
2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
2014-2015 Jeep Grand Cherokee and Cherokee SUVs
2014-2015 Dodge Durango SUVs
2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
2015 Dodge Challenger sports coupes

Miller and Valasek revealed they were able to compromise the car via it’s UConnect feature, an Internet based computer installed in many cars that allows the vehicle to manage its entertainment and navigation systems.

Whilst this is certainly an eye-opener, it is worth noting that in this instance Miller and Valasek did require prolonged testing and physical access to the car they compromised to be able to take control of it in the way that they did, so it is unlikely that anyone would simply be able to take control of any affected vehicle at will, at least not for now.

Fiat Chrysler released a statement saying that the exploits “required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code.”

This isn’t the first time the security researchers managed to hack a car before either. In 2013 – again with Andy Greenberg – the duo played havoc with a car that included sounding the horn and playing with the speedometer, only that time their laptops were physically plugged into the car as they sat in the back seats.

As we continue to plug more and more types of devices into the Internet, they become part of the Internet of Things and are thus at risk to hackers. And for things like cars, digital intrusions can prove fatal. It’s an eye-opener to the future, and a problem that isn’t likely to go away.

Does this make you nervous when driving an Internet connected car? Let us know below.

Read Andy Greenberg’s report on Wired here.

Share
Published by
Craig Haley