
Magazine Contributor Experiences Jeep Hacking Firsthand

Cherokee’s Uconnect System Taken Over From Ten Miles Away

Jul 22, 2015
A contributor from Wired experienced vehicle hacking firsthand in the name of a story when he willingly got into a Jeep Cherokee that would be hacked by electronic security experts from a location 10 miles away.
Andy Greenberg was driving down a St. Louis highway when Charlie Miller and Chris Valasek turned on the Jeep’s climate control, switched the radio stations and volume settings, and activated the windshield wipers and washers. Miller and Valasek carried out this tomfoolery from a location several miles away, laptops linked to the Cherokee via its Uconnect system’s cellular connection. All that’s required is the vehicle’s cellular IP address and a connection on the same data network (in this case, Sprint).
However, when the security researchers cut the engine altogether, their actions became substantially more real, causing the Jeep to slow down helplessly, holding up traffic. And once Greenberg coasted off the highway and met with the computer experts in a deserted parking lot, they were allegedly able to disable his brakes and leave him to coast slowly into a berm, according to the story. Luckily, Miller and Valasek haven’t figured out how to commandeer steering systems unless the vehicle is in Reverse, which likely permits hackers entrance to the helm via automatic parking features.
However, the story may not be as straightforward as it’s presented. After reaching out to representatives from Fiat Chrysler Automobiles (FCA), we confirmed that the Jeep Cherokee’s brakes are based on a mechanical setup, with electronics used for the parking brake and brake assist features. However, disabling those features would still leave the mechanical brakes intact, allowing a driver to press the brake pedal and slow the vehicle, albeit with potentially higher pedal effort thanks to the loss of the power brake booster and other brake assistance systems.
Jeep representatives said they were unsure of the methods used to cut the brakes, given the direct mechanical connection between the pedal and the brake components. This makes us worried that the article may be somewhat misleading, claiming that hackers can completely remove braking power from a vehicle, which may not be accurate. FCA has reached out to the hackers in an effort to better understand how the brakes were cut, so far with no response.
However, the brakes notwithstanding, hacking a vehicle represents a huge safety risk, and FCA isn't ignoring that risk at all. The company’s recent software update comes as a direct response to the security vulnerability Miller and Valasek were able to expose, according to Wired. The company confirmed it has been working with the two hackers for some time now on these kinds of electronic loopholes, and Miller and Valasek haven’t been able to replicate their security shenanigans on a car with updated software, at least so far. To install the update, owners can download it to a USB drive from their computers and then install it in their cars by plugging the drive directly into the Uconnect system. They may also take their vehicles to their local dealer for the free-of-charge software update, if desired.
For its part, the automotive industry seems to be reacting appropriately to newfound concerns over vehicle electronic security. Many automakers offer automatic over-the-air software updates, and some have electronic failsafes that actively prevent remote control over the vehicle. And Congress is pushing legislation through that will require a certain amount of privacy and security from every vehicle manufacturer, further helping people maintain control of their connected cars.
Today, FCA released a statement acknowledging Miller and Valasek’s involvement with the company. The statement also underscores the importance of keeping in-vehicle software updated to the most recent version available, but even with the old software, “there has not been a single real world incident of an unlawful or unauthorized remote hack into any FCA vehicle” [original emphasis].
Source: Fiat Chrysler Automobiles, Wired