Because of a recent software update, Fiat Chrysler vehicles could be wirelessly taken control of as demonstrated by two professional hackers, according to a Wired Magazine report earlier this week. When the update was announced, the company said that it offered better electronic security and provided improvements in the communications system. What these hackers proved is how vulnerable FCA systems were.
The hackers (one was formerly connected with the National Security Agency) demonstrated that they can hack into and control hundreds of thousands of FCA vehicles. Charlie Miller and Chris Valasek have a video to show that they were able to control an unmodified 2014 Jeep Cherokee that Wired journalist Andy Greenberg was driving in a highway in St. Louis. They discovered a vulnerability in several versions of FCA’s Uconnect infotainment system, which is linked to the Internet through a Sprint cellular data connection.
The 2013-14 Chrysler, Dodge, Jeep and Ram vehicles, as well as the 2015 Chrysler 200, have the Uconnect system installed in them. The driver can operate this system via an 8.4-inch touch screen and a Wi-Fi hot spot. What the hackers did to Greenberg’s Cherokee was turn on its wipers and shoot washer fluid, raise the volume of the radio, and shut down its engine.
After the vehicle was parked, the hackers showed how the steering wheel can be controlled. It can only be done if the transmission is in reverse. The hackers even disabled the brakes, forcing Greenberg to fall into a ditch. In the Wired report, the hackers said that they intend to release a part of the code next month at a Black Hat security conference in Las Vegas.
Miller and Valasek said that this code won’t mean that other hackers can immediately take advantage of the Uconnect vulnerability. They claim that they will do this to convince automakers of the risks. They had already informed FCA of the vulnerability and had come to a solution with the company five days before the hacking was reported. FCA said that the hackers’ plan to share the partial code is unsafe.
FCA has asked its customers to download a security patch from their website driveuconnect.com/software-update/. They may also bring their vehicle to a dealership to get a free software upgrade. FCA doesn’t yet have the ability to “push” important software upgrades over the internet to its vehicles. In a statement, the company said that it doesn’t condone or consider it appropriate to release information that may encourage or aid hackers to get unauthorized and unlawful access to vehicle systems.
It added that like in a tablet or a smartphone, software updates will be required by a vehicle to improve its security protection to lessen the possible risk of unauthorized and unlawful access to vehicle systems. Customers will be getting this software security update for free. The update includes Uconnect improvements presented in the 2015 model year meant to improve customer “convenience and enjoyment of their vehicle.”