Sign up to our newsletter
[Update: July 29, 2015. Check out Stephen Cobb’s article on the wider implications of the Jeep hack.]
Hackers have demonstrated an exploit that can take remote control of a Jeep, to the extent of cutting the transmission and controlling the throttle.
The two hackers, Charlie Miller and Chris Valasek, demoed the exploit – the result of a year’s work – to a Wired journalist, who wrote: “The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles.”
“Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country,” continued the Wired report.
Although only intended as a proof of concept, any Chrysler that has Internet functionality through “Uconnect,” which includes hundreds of thousands of vehicles, is susceptible to a similar real-life attack, according to Siliconbeat.
It’s reported that Chrysler has released a “software update to improve vehicle electronic security,” and though it is unknown if the patch fixes the vulnerabilities Miller and Valasek exploited, it’s recommended that owners patch their vehicles anyway.
The patch is available here – you’ll need your vehicle ID and a USB drive to transfer the downloaded patch to your Chrysler via the dashboard port. Owners can also visit a Chrysler dealership, where their vehicles will be updated for free.
Miller and Valasek are set to present their findings at the Black Hat security conference in Las Vegas next month in a talk entitled: ‘Remote exploitation of an unaltered passenger vehicle’.
According to the Wired story, the pair have developed a suite of attack tools that enable a wide range of in car-actions, from controlling the air-con and audio, through to killing the engine, disabling the brakes and even hijacking the wheel (currently only possible in reverse), as well as triggering in car GPS to track the location in realtime.
Photo: lexan / Shutterstock.com
Author Karl Thomas, ESET