Security Experts Wirelessly Hack into Jeep Cherokee

A pair of security experts remotely took control of several vehicle functions including the throttle in an unmodified 2014 Jeep Cherokee by hacking into its Uconnect wireless Internet connection.

The incident was reported in a Wired magazine story by Andy Greenberg, who also drove the Cherokee during the event.

The hackers, Charlie Miller and Chris Valasek, have been communicating with Fiat Chrysler Automobiles NV for several months and notified the company of the Uconnect breach. FCA issued a software upgrade last week to fix the vulnerability, which could affect about 471,000 Chrysler, Dodge, Jeep and Ram vehicles equipped with certain versions of Uconnect.

Miller, a former National Security Agency hacker, and Valasek, director of vehicle security research at IOActive, plan to reveal some of the details about the hack at a security conference next month in Las Vegas. FCA has asked them not to share the information.

FCA's Uconnect infotainment system links to the Internet through a Sprint cellular connection. During the security breach, Miller and Valasek used laptop computers to enter the Jeep's electronic network as the vehicle sped along a highway in St. Louis. They switched on the air conditioning, turned up the radio to full volume and displayed an illustration of themselves on the SUV's nav screen. The hack also gave them control of the door locks and throttle.

In a parking lot, the hackers later showed how they could take control of the Cherokee's steering and brake systems. They also were able to turn the engine off and cause the SUV to slowly drive into a ditch.

Miller and Valasek also showed how they could identify and remotely track a variety of Uconnect-equipped Dodge and Jeep vehicles in California, Texas and upper Michigan.

Owners of affected Cherokees can download a security patch themselves from the Internet or have a dealer install the upgraded software. The actual patch must be manually entered through a USB port in the vehicle.

The demonstration highlights growing concern about vehicle cyber threats. Miller and Valasek showed two years ago how they could control a vehicle by hard-wiring a laptop into its OBD diagnostic port. But gaining control remotely represents a far more serious threat.

Analysts note the auto industry has done a poor job of making vehicles secure as new electronic systems were introduced. But they recently have stepped up efforts in this area and this month announced an Auto Information Sharing and Analysis Center to help identify and defeat cyber threats.

The National Highway Traffic Safety Admin. promises to make it a top priority. Lawmakers also are introducing new legislation to address the issue.