Subscribe

Hackers hijack Jeep Cherokee: How can you stop them? (+video)

A security team tests a Jeep Cherokee, finding the car can be remotely accessed and controlled.

  • close
    Miller attempts to rescue the Jeep after its brakes were remotely disabled, sending it into a ditch in this photo from Wired magazine.
    Andy Greenberg/Wired
    View Caption
  • About video ads
    View Caption
of

Charlie Miller and Chris Valasek conducted an experiment earlier this month that ended up with a Jeep in a ditch, although the driver didn't drive it there. The two remotely hijacked the car, controlling it through a laptop and a cell phone. 

How did they hijack a car?

Mr. Miller, a former National Security Agency employee, and Mr. Valasek, the director of vehicle security research for security company IOActive, found several weak points in the car’s system due to Chrysler's Uconnect software, which controls the vehicle’s entertainment and navigation, enables phone calls, and offers a Wi-Fi hot spot. These innovative features unfortunately provide access points for the vehicle to be hijacked, according to a report in Wired. The Internet capability is particularly susceptible; if a hacker is able to identify the IP address of the car, then, “From an attacker’s perspective, it’s a super nice vulnerability,” said Miller to Wired.

To test the hijacking software, the two researchers worked with Andy Greenberg, a writer with Wired, who drove the car on a St. Louis highway until he could no longer control the vehicle.

“Immediately my accelerator stopped working," writes Mr. Greenberg. "As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.”

What can you do to protect your vehicle from hijackers?

Chrysler posted a notice on its website informing customers of a “Software Update to Improve Vehicle Electronic Security,” saying that a car, like a phone or computer, needs software updates to ensure security.

The software update provided by Fiat Chrysler Automobiles, is free of charge and can be downloaded by the user onto a USB drive, and then inserted into the USB port in the vehicle dashboard. A Chrysler dealer can also install the Uconnect update for the car at no charge, according to the press release.  

The Uconnect software update is available here.

The hijacking duo has only tested the system-control software so far on Jeep Cherokees and has found that it works on models from late 2013 through early 2015. The team has yet to try other makes and models of automobiles. The car manufacturer has said that it appreciates Miller and Valasek’s work, but the company cautions “advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.” The research team plans to unveil its full findings at the Black Hat conference, an information security event in Las Vegas this August. 

Follow CSMonitor's board Tech & Innovation on Pinterest.

 
 
Make a Difference
Inspired? Here are some ways to make a difference on this issue.
FREE Newsletters
Get the Monitor stories you care about delivered to your inbox.
 

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...

Save for later

Save
Cancel

Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items

OK

Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items

OK

Failed to save

You have already saved this item.

View Saved Items

OK