If your car can go online, hackers may be able to take the wheel.
The multi-tasking onboard computer system Uconnect, available on certain models of Chrysler, Jeep, Dodge, and Fiat vehicles, may be vulnerable to hacking, thanks to the system's WiFi capabilities.
A New and Scary Hack
Two professional hackers, Charlie Miller and Chris Valasek, recently set out to prove the vulnerability of a Jeep Cherokee equipped with Uconnect. With Wired journalist Andy Greenberg behind the wheel, Miller and Valasek were able to take control of the vehicle remotely while Greenberg was driving down the highway.
The duo took over the radio, the windshield wipers, and the Uconnect's screen before the truly terrifying part kicked in. From a distance of 10 miles, Miller and Valasek were able to stop the car on the highway, leaving Greenberg stranded in a lane.
In separate tests, Miller and Valasek were able to disable the engine entirely at low speeds, take control of the wheel in reverse, and employ or disable the brakes.
And it gets worse. Both hackers believe their attack isn't limited to one Jeep Cherokee a few miles away. With the right codes and access to the car's IP address, the two believe any hacker could access thousands of Fiat Chrysler vehicles from thousands of miles away.
Chrysler Releases a Patch and Voluntary Recall
It isn't good news, but car owners with the onboard Uconnect system should be thankful Miller and Valasek got to the problem before it was widely known. The two have been working with Fiat Chrysler for nine months. During this time, the carmaker has been working on a patch to provide better security for the Uconnect system; and shortly after the Wired story was released, the company issued a voluntary recall of several affected vehicles.
According to Autoweek, the recall effects:
- 2013-2015 Dodge Viper
- 2013-2015 Ram 1500, 2500, and 3500 pickup trucks
- 2013-2015 Ram 3500, 4500, and 5500 chassis cab trucks
- 2014-2015 Jeep Grand Cherokee and Cherokee
- 2014-2015 Dodge Durango
- 2015 Chrysler 200, 300, Dodge Charger, and Challenger
How to Fix the Bug
If you own a vehicle on the list, this recall is being handled a little differently than you're likely used to. Instead of having to bring your car in for service, you can download the software patch and install it yourself.
According to Autoweek, to install the patch you'll need to:
- Write down your vehicle's VIN number
- Visit the Uconnect Software Update Site and input your VIN number
- Download the software update
- Extract the software update to a USB flash drive
- Connect the flash drive to your vehicle through the onboard USB port and confirm the installation to install
Of course, if you're not comfortable updating the software yourself, you can bring your vehicle to a Fiat Chrysler service center for a free install, but you may want to call ahead. Service centers can get backed up during major recalls and you may need an appointment to be seen.
If you have any questions, you can call the Fiat Chrysler Vehicle Care Center directly at (877) 855-8400.