Back in 2013 these two guys hacked a Toyota Prius while they were riding in the back seat. Now they’re back, and this time they’ve remotely hacked a Jeep Cherokee. They did this by attacking the car’s Uconnect system, which provides internet access.
They were able to control minor things such as radio volume and HVAC controls. They could play with the Jeep’s windscreen wipers and, worryingly, they could control the steering, the brakes and cut all engine power.
Watch the clip below and see Miller and Valasek play with their 1:1 remote control toy. All well and good unless you happen to be Andy Greenberg and thinking you’re actually in control of the car while you’re out on public roads.
“There are hundreds of thousands of cars that are vulnerable on the road right now,” Charlie Miller claims.
For their part Fiat Chrysler say they have released a free security patch that resolves any vulnerability but somewhat dismissively added: “Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorised and unlawful access to vehicle systems.”
UPDATE: FCA Australia has just released a statement confirming the release of a new security patch. Furthermore, because Uconnect is not available outside the US, no locally sold cars are affected by this cybersecurity issue.