Hackers Find Vulnerability In Jeep’s Uconnect System

/in /by

“I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold. Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air in the maximum setting, chilling the sweat on my back through the in-seat-climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.”

Can you imagine something similar happening to you while you drive your car? Andy Greenberg participated in a study in which cybersecurity researchers attempted to find vulnerability in Jeep’s Uconnect system, the computer system inside the vehicle. What’s scary is that they were able to find it and hack into the system.

Security breaches at stores like Target and Home Depot have become commonplace, but now researchers have discovered it is possible for hackers to control individual vehicle computer systems. Charlie Miller and Chris Valasek, cybersecurity researchers, discovered a hacking technique called a “zero-day exploit” that targets Jeep Cherokees and allows the attacker to have wireless control of thousands of cars. The software lets hackers send commands through a laptop to the Jeep’s Uconnect system that can alter steering, music, brakes, transmission, etc.

Such hacking is made possible by the fact that the vast majority of car manufacturers strive to turn vehicles into smartphones and ensure that you are connected at all times. Chrysler’s way of doing this is via the Uconnect system. Uconnect is an internet-connected computer in most Fiat Chrysler vehicles. The system controls entertainment, navigation, phone calls, and includes wi-fi hotspot capability. The system’s connection also allows “anyone who knows the car’s IP address to gain access from anywhere in the country. From an attacker’s perspective, it is a super nice vulnerability.”

Affected Chrysler Vehicles include:

  • 2013-2015 MY Dodge Viper specialty vehicles
  • 2013-2015 Ram 1500, 2500 and 3500 pickups
  • 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
  • 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
  • 2014-2015 Dodge Durango SUVs
  • 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
  • 2015 Dodge Challenger sports coupes

Researchers Miller and Valasek have been sharing their research with Chrysler, which has allowed for Chrysler to release a software update in response to the potential threat. Last month, owners of Chrysler vehicles with the Uconnect feature were notified of the update’s release to secure vehicles against vulnerability. The software update must be manually downloaded to a USB and updated, which means many vulnerable vehicle owners are unlikely to update in a timely manner, if at all. “If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers. This might be the kind of software bug most likely to kill someone,” Charlie Miller explained.

Contact the Leslie Legal Group Today

If you are experiencing trouble with your vehicle’s computer system, contact the experienced attorneys at the Leslie Legal Group. We can help determine the right solution for you and your case.