Jeep Cherokee, Uconnect Vulnerable to Wireless Hacking

2

Technology aims to make our lives easier, but sometimes it can make it a lot scarier, too.

In a recent report from Wired, two hackers demonstrated the capability to remotely hack into a Jeep Cherokee and take full control of the vehicle wirelessly. This was done through the SUV’s Uconnect infotainment system, which has a vulnerability that the two hackers won’t identify until a later date. They are urging owners to update their Uconnect software and although they’ve only tested their hacks on a Jeep Cherokee, they believe most of their attacks could be tweaked to affect any Uconnect-equipped vehicle.

Charlie Miller and Chris Valasek began the demonstration by taking control of the Cherokee’s air conditioning, radio and windshield wipers, all from the comforts of their living room while the Jeep was traveling on a highway. To show the range of possibilities, they were able to cut off the accelerator and the driver was unable to regain control of the vehicle without shutting it off, causing the car to drive into a ditch.

SEE ALSO: Automakers Fail to Protect Cars Against Hackers: Report

Now, there’s no need to rush out and panic that hackers are remotely going to start shutting off cars and crashing them into ditches. Unfortunately, there is clearly a vulnerability with today’s infotainment systems, or at the very least, Uconnect. Miller and Valasek haven’t attempted to hack any other systems. In addition, both hackers have been sharing their research with Chrysler for nearly nine months and the company will quietly release a patch ahead of the Black Hat conference.

In a statement, Jeep parent company FCA said: “Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorised and unlawful access to vehicle systems. We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities. However, we caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.”

The bigger issue is that, generally, vehicle owners won’t be aware of a fix, or won’t have the knowledge to manually update their infotainment systems on their own. Regardless, if you own a vehicle with a Uconnect system, you will want to download the update here as soon as you can. If you’re unaware of how to do the update yourself, visit your local dealership as soon as possible.

[Source: Wired]

Discuss this story at our Jeep Cherokee Forum

  • smartacus

    this is not a good year for FCA

  • Mike

    The sooner it’s over the better. Maybe a decent company can buy up Jeep when the boat sinks and make Jeep what it should be.