Skip to main content

Jeep highway hack raises connected car fears

Wednesday, 29 Jul 2015

Information Age

Jeep maker Fiat Chrysler has recalled 1.4 million cars to patch a critical software flaw that allowed hackers to hijack the car's critical functions.

Security researchers Charlie Miller and Chris Valasek used a zero-day exploit in the Jeep Cherokee's entertainment system to remotely commandeer the car while it was being driven by a Wired reporter on a St Louis highway.

The carmarker initially released a "software security update" on July 16 that it implored customers to either manually install or to have their dealer install "at no cost".

But it has now taken the unprecedented step of issuing a voluntary safety recall for all affected vehicles to ensure they are patched sooner rather than later.

The vulnerability sits in the Jeep's connected car system, Uconnect.

Although the current Jeep Cherokee range sold in Australia comes with Uconnect, unlike US models of the car it does not connect the car to the internet, and therefore, isn't vulnerable to the hack, a spokesperson told CarAdvice.

In the US, Uconnect enables a number of "remote control" benefits for car owners, from remotely starting the engine and cooling the car down before you get in, to sounding the horn or flashing its lights to locate it in a busy car park. It also has functionality that can turn the car into a wi-fi hotspot.

To demonstrate software they created to exploit the flaw, Miller and Valasek had Wired writer Andy Greenberg drive a Jeep while they remotely commanded the car to do certain things.

Click here to log in and continue reading.