If you own a Jeep Cherokee, Chrysler 200, Dodge Ram or one of several other Chrysler vehicles made in the last three years and something goes seriously wrong while you’re driving, you could have been hacked — remotely.
The problem? Hackers can control the vehicles over the Internet and cut the brakes, shut down the engine, drive the car off the road or short the electric system. The issue can only occur in Chrysler products equipped with Uconnect, a wireless system that connects the vehicles on the Sprint cellphone network.
The flaw was discovered by researchers, Charlie Miller and Chris Valasek. The duo first demonstrated the hack to Wired Magazine by remotely hijacking a Jeep Cherokee driven by a news reporter.
“Right now I could do that to every [Chrysler] car in the United States on the Sprint network,” Miller told CNNMoney.
The researchers concluded the vulnerable Chrysler models are those from late 2013, all of 2014 and early 2015 loaded with Uconnect and the full navigation displays.
Miller said there could be other vehicles with this weakness that he isn’t aware of. The researchers did not test any cars made by Ford, General Motors or others because of limited resources.
Chrysler has acknowledged the problem. The manufacturer said it left an unused computer communication channel open that unknowingly granted outside access to car controls.
The automaker is now offering a software upgrade that it says customers should install “at their earliest convenience.”
“Similar to a smartphone or tablet, vehicle software can require updates for improved security protection,” the company said.
According to a report on CNNMoney.com, Miller and Valasek said they presented their research to Chrysler last October, allowing the company develop a fix. Miller said the company had been “very kind and responsive.”
In 2013, Miller and Valasek demonstrated how they could hack a car while sitting inside it. At the time, they had to physically connect a laptop to a car’s dashboard.
Wireless connectivity, now standard in nearly every car, has increased the risk.
In their latest experiment, Miller and Valasek used a laptop to scan for any cars on the Sprint network that also use Uconnect.
In seconds, the researchers can tap into any car’s “infotainment system.” They can turn off the air conditioner, blast the radio volume and change the navigation screen.
Once inside, they can then penetrate what’s supposed to be a guarded layer: the computer backbone of the car. They can control the brakes, steering wheel and accelerator.
Senators Edward Markey, of Massachusetts, and Richard Blumenthal, of Connecticut, have introduce legislation, the Security and Privacy in Your Car Act to help counter the problem and determine how safe vehicles are from cyberattacks.