Hackers hijack Jeep Cherokee: How can you stop them?

A security team tests a Jeep Cherokee, finding the car can be remotely accessed and controlled.

Andy Greenberg/Wired
Miller attempts to rescue the Jeep after its brakes were remotely disabled, sending it into a ditch in this photo from Wired magazine.

Charlie Miller and Chris Valasek conducted an experiment earlier this month that ended up with a Jeep in a ditch, although the driver didn't drive it there. The two remotely hijacked the car, controlling it through a laptop and a cell phone. 

How did they hijack a car?

Mr. Miller, a former National Security Agency employee, and Mr. Valasek, the director of vehicle security research for security company IOActive, found several weak points in the car’s system due to Chrysler's Uconnect software, which controls the vehicle’s entertainment and navigation, enables phone calls, and offers a Wi-Fi hot spot. These innovative features unfortunately provide access points for the vehicle to be hijacked, according to a report in Wired. The Internet capability is particularly susceptible if a hacker is able to identify the IP address of the car. “From an attacker’s perspective, it’s a super nice vulnerability,” Miller told Wired.

To test the hijacking software, the two researchers worked with Andy Greenberg, a writer with Wired, who drove the car on a St. Louis highway until he could no longer control the vehicle.

“Immediately my accelerator stopped working," writes Mr. Greenberg. "As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.”

What can you do to protect your vehicle from hijackers?

Chrysler posted a notice on its website informing customers of a “Software Update to Improve Vehicle Electronic Security,” saying that a car, like a phone or computer, needs software updates to ensure security.

The software update provided by Fiat Chrysler Automobiles is free of charge. The user can download it onto a USB drive and then insert the drive into the USB port in the vehicle dashboard. A Chrysler dealer can also install the Uconnect update for the car at no charge, according to the press release.

The Uconnect software update is available here.

The hijacking duo has only tested the system-control software so far on Jeep Cherokees and has found that it works on models from late 2013 through early 2015. The team has yet to try other makes and models of automobiles. The car manufacturer has said that it appreciates Miller and Valasek’s work, but the company cautions “advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.” The research team plans to unveil its full findings at the Black Hat conference, an information security event in Las Vegas this August. 

https://www.csmonitor.com/Technology/2015/0721/Hackers-hijack-Jeep-Cherokee-How-can-you-stop-them