If you are at all into keeping up with current news stories and the latest happenings blasted through social media, then you have probably seen where security experts were able to wirelessly hack into a Jeep Cherokee and basically crash the car into a ditch.
Security experts Charlie Miller and Chris Valasek collaborated with Wired magazine to show how they could remotely hack into the entertainment system and other vehicle functions of a new 2014 Jeep Cherokee. In doing so, the security experts managed to gain access to other systems of the vehicle all through the "high-tech" infotainment system, which is dubbed as Uconnect by FCA (Fiat Chrysler Automobiles) and used by a plethora of vehicles they manufacture.
Both security experts are considered to be experienced IT hacks. Miller is a former NSA hacker while Valasek is the director of security research at the consultancy firm IOActive. To perform the demonstration of the hacking of the Jeep, the researchers employed Wired reporter, Andy Greenberg, to drive the vehicle on a highway while they manipulate its radio and windshield wipers. Additionally, the security experts were able to operate the windshield wipers and eventually shut the vehicle down.
Before conducting the test on a vehicle remotely, the security experts were able to conjure up an exploit written specifically for the remote vulnerability they discovered. It took about three weeks to complete this process, which was an easy task as explained by Miller. However, it was another final step of organizing a series of messages to determine which ones controlled what through a vehicle's controller area network (CAN). This process took them about three months to complete before any tests could be conducted in the real world.
In performing the tests, the security experts, or what you may now refer to as hackers, were placed about 10 miles away from the vehicle while the test was conducted. The connectivity of the hacker's computer and the vehicle was initiated through the Jeep's cellular connection that tapped directly into the vehicle's entertainment system. Through the established connection, the hackers were able to gain access to other systems and ECU's, which can account for as many as 200 different units.
Afterward, once access was established to the proper ECU, the vehicle's controller area network (CAN) was used to find the proper function for shutting the vehicle down. Fortunately, the process of finding which CAN function would do so was a process that involved going through several messages and determining what controls what was already figured out. Simply put, the hackers were able to shut the Jeep down where the driver was forced to make an emergency stop landing him in a shallow ditch on the side of the road.
Miller and Valasek are no rookies when it comes to hacking cars. Funny enough, they were the same individuals who demonstrated hacking into a Ford Escape and Toyota Prius to control the brakes and steering at the DefCon hacker conference in 2013. IN that hack the connectivity involved a wired connection to the vehicle's OBD-II on-board diagnostics port. OBD-II ports are a commonality of all vehicles made after 1996 allowing access to ECU data and easily troubleshooting of vehicle issues.
Photo credit: Wired.com Andy Greenberg
After the successful hacking of the 2014 Jeep Cherokee was made public, folks at FCA didn't take to fond of the idea and discovering that hacking of their vehicles equipped with the same infotainment system is possible, FCA took to the internet waves and media to release a statement and fix for potential hacking of their cars. In all, the vulnerable vehicles account for hundreds of thousands with most being within the Chrysler family, including the following FCA vehicle list:
- 2013-2014 Ram 1500 Pickup
- 2013-2014 Ram 3500 Cab Chassis
- 2013-2014 Ram 2500 Pickup
- 2013-2014 Ram 4500/5500 Cab Chassis
- 2013-2014 Ram 3500 Pickup
- 2014 Grand Cherokee
- 2014 Durango
- 2013-2014 Viper
- 2014 Cherokee
- Some 2015 Chrysler 200s