Hackers remotely taking over cars and causing mayhem in traffic: it’s the kind of thing you’d usually write off as the product of an overactive Hollywood writer’s imagination. But it looks like it’s actually a reality facing us right now.
Just ask Wired writer Andy Greenberg, who recently drove a 2014 Jeep Grand Cherokee while hackers Charlie Miller and Chris Valasek took over a variety of the car’s functions, including the stereo, air-conditioning, accelerator and brakes.
No ad to show here.
The really scary part is that the duo managed to do so wirelessly, from the comfort of a couch miles away from where Greenberg was driving.
They were able to undertake the hack because a flaw they discovered in Jeep maker Fiat Chrysler’s Uconnect system, which connects the car to the internet. The system, which is present in hundreds of thousands of Fiat Chrysler vehicles affects everything from the vehicle’s entertainment and navigation, to its ability to make phone calls, and also offers a Wi-Fi hot spot.
According to Wired, Uconnect also lets anyone who knows the car’s IP address gain access from anywhere in the country.
Miller and Vasalek notified Fiat Chrysler about the vulnerability. While it has not addressed the issue directly, it has released a patch which apparently resolves it.
In a statement, the automotive giant said that it had “released a Technical Service Bulletin (TSB) for a software update that offers customers improved vehicle electronic security and communications system enhancements”.
“Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorized and unlawful access to vehicle systems,” it add. “Today’s software security update, provided at no cost to customers, also includes Uconnect improvements introduced in the 2015 model year designed to enhance customer convenience and enjoyment of their vehicle”.
Unfortunately that patch is only likely to be downloaded by tech savvy drivers who can be bothered.
Miller and Vaselek suspect that similar issues could affect cars from manufacturers around the globe. The pair plan to unveil more around their findings at the annual Black Hat security conference in Las Vegas later this year.
