Chrysler has quietly rolled out a new Jeep software update that is meant for fixing a major security flaw that could easily let hackers remotely access any person’s vehicle.
This follows fears that were raised by researchers Charlie Miller and Chris Valasek after they took Andy Greenberg, a Wired writer, for a ride he will not be forgetting anytime soon. According to the discovery made by the two security researchers, the flaw affects the Uconnect, an internet-based computer feature located in the vehicle’s dashboard. This feature is not standard to all Chrysler vehicles; rather, it is an optional upgrade.
The hackers were seated some 10 miles away from the scene of the action and from there, Greenberg reveals that they could take control of almost everything. From here, they were able to take control of the air conditioners, radio, windshield wipers and even display any image on the digital display of the car. Even though the two had promised Greenberg they won’t try anything life threatening, they completely cut off the transmission. The two were even able to stop the accelerator and cut the brakes of the Chrysler Jeep.
Miller and Valasek claim that they haven’t yet perfected the art of taking control of the steering wheel, however, they can still hack the wheel when the car is reversing. It is also possible to access the coordinates of the car, check its speed as well as drop pins on a map so as to keep track of its course.
What makes this attack disturbing is the fact that it was done wirelessly. Unlike in the previous tests where these two hijacked a moving car while seated in the back with computers physically connected to the car, the hackers were miles away. This means that anyone can take control of your car without the need of having a physical connection. The two security researchers have promised to reveal more on this development in the upcoming Black Hat Conference.
Update to the latest version of Uconnect now to stay safe
If you own any Chrysler Jeep that runs on the optional Uconnect feature, it is time you updated to the latest version in order to take care of this issue. The patch requires a manual installation where you need a USB stick or visit a dealership mechanic and it’s available for free.
According to reports, the security vulnerability affects a number of 2013-2014 models of the Dodge Ram and Dodge Viper, 2014 models of the Jeep Cherokee, Dodge Durango and Jeep Grand Cherokee, 2015 models of the Jeep Cherokee and Grand Cherokee as well as the this year’s Chrysler 200s.
Fiat Chrysler released a statement that showed their discontent in the way Miller and Valasek came out with the news. The company feels that this is crucial news that could help malicious hackers in executing unlawful actions on vehicle systems. However, the company also commended the pair for their contributions towards the threat of cyber security.