Expand / Collapse search

Hackers expose security flaw in Jeep Cherokee; shut it down remotely

Published  July 21, 2015 11:58pm EDT
News
FOX 2 Detroit

A hack attack on your car may sound like science fiction.  But it's real. 

A pair of hackers expose a fatal flaw in a top billed feature of a newer model Jeep Cherokee

The experiment was recorded, with this being said on tape:

"Don't do it, don't kill the engine, we're killing the engine right now. Guys I need the accelerator to work again, the accelerator won't work."

It turns out they can take control of the sport utility vehicle through its Uconnect Access entertainment system - controlling windshield wipers steering, brakes and the transmission.

Cyber security expert Dr. Barbara Ciaramitaro from Walsh College says a few years ago hackers could only take control of cars if their computers were plugged into them.

This is proof it can be done remotely, miles away from the vehicle.  She says it should serve as a wake up call for automakers putting more internet connected cars on the road.

"As soon as you have a wireless entry point," she said. "You have the ability of hacking. And I think that with the autonomous vehicles coming as well where all of the input coming from the environment, the car manufacturers have to be very serious about security."

"Think about the possibilities," said Dr. Richard Chasdi. "Attacks can be done sequentially they can be done simultaneously."

Chasdi is a terrorism expert and says the ability to hack vehicles connected to the internet could create a public safety nightmare.

"There are all sorts of spinoff ramifications of this new technology with something so basic as an automobile.

"What this is doing is working through individual units essentially locking transmissions and making it impossible to steer the car with disastrous results."

Although Fiat Chrysler would not confirm it, there are reportedly 470,000 vehicles with the Uconnect entertainment system on America's roadways.

The automaker says it updated the Uconnect security system in addition to the newer Jeeps, 2013 and 2014 Chrysler Dodge and Ram vehicles were also vulnerable including the 2015 Chrysler 200.

The men who exposed the security flaw in the Jeep plan to show other hackers how they did it at a conference next month.

Fiat Chrysler released a statement saying under no circumstances does it condone or believe it's appropriate to disclose how to information that would potentially encourage or help enable hackers to gain unauthorized and unlawful access to vehicle systems.

Drivers who have the Uconnect system can download the security update and install it themselves or go to a dealership for the one time update free of charge.