Hijacker Hackers Could Remote-Control 471 Million Chrysler Cars

Posted August 3, 2015

Zero-Day Exploit Lets Hackers Take Control Out of the Driver’s Hands and Put It in Their Own

Even if you love to drive, aren’t there times when it would be sweet to have a chauffeur (assuming you don’t already have one) so you could sit back and enjoy the scenery or play games or whatever it is you’d like to be doing in the backseat? Well, Chrysler might just have the answer for you. Of course, instead of enjoying the scenery or playing games or doing whatever it is you’d like to be doing in the backseat, you might be praying and screaming at the top of your lungs. We’re speaking, of course, about the exploit in some 471,000 Chrysler cars that makes it possible for hackers to take control of a car from a thousand miles away.

Adam Clark Estes, in a gizmodo.com story, relates what happened to wired.com’s Andy Greenberg when he had security researchers Charlie Miller and Chris Valasek remotely hijack his Jeep Cherokee.

The following has been excerpted from Estes’ gizmodo.com piece and edited to fit our format. You may find his original article by clicking on this link. If you’d like to read Andy Greenberg’s lengthy story on wired.com, click this link.

How it was done

Using the Jeep’s Uconnect system, which plugs into a cellular network, the security researchers were able to gain control of the car’s entertainment system and then rewrite the firmware to send commands to critical systems like the brakes, steering, and transmission.

Greenberg describes what it was like

As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.

Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.

Chrysler released a patch

The company recently released a patch to the Uconnect software that addresses the issue, but it needs to be installed via USB drive or by a dealer. (Visit this link to download the software update that will fix the exploit.)

From driverless cars to too many drivers

Although this is not the first time that security researchers have discovered and shared details of a car hack, it’s starting to get pretty real. When there are almost half a million cars that could be commandeered or bricked with just a few keystrokes, it’s time for auto companies to take notice, and embrace the community of researchers and politicians trying to make sure our cars are safe.

ThreatMetrix
