An ongoing investigation into the security of Chrysler vehicles has produced some pretty startling conclusions. In a couple of weeks, security researchers will reveal the details of a zero-day exploit that affects some 471,000 cars. Put bluntly: hackers can take complete control of the cars from thousands of miles away.
Longtime car hackers Charlie Miller and Chris Valasek recently demonstrated the dangerous possibilities of the Chrysler exploit to Wired’s Andy Greenberg. The journalist actually took a Jeep Cherokee onto the motorway outside St. Louis, while the hackers took over control of the car. Using the Jeep’s Uconnect system, which plugs into a cellular network, the security researchers were able to gain control of the car’s entertainment system and then rewrite the firmware to send commands to critical systems like the brakes, steering, and transmission. Greenberg describes the experience:
As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.
Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.
What’s especially worrisome about this situation is that Chrysler knows about the vulnerability and doesn’t seem to be taking it too seriously. The company recently released a patch to the Uconnect software that addresses the issue, but it needs to be installed via USB drive or by a dealer.
Meanwhile, Chrysler sort of scolded the researchers for sharing information about the exploit publicly. “Under no circumstances does [Fiat Chrysler Automotive] condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorised and unlawful access to vehicle systems,” the company said in a statement.