Skip to main content

Hackers wirelessly disable a Jeep Cherokee from 10 miles away with Uconnect

The thought of “hackers” being able to shut down cars was confined to the hyperbolic ranting of paranoid technophobes just a few years ago. But with digital control now woven into nearly every automotive system, from in-dash entertainment to engine and braking control, the door for exploitation is open wide. And two software engineers just barged right through it, bringing a Jeep Cherokee to a dead stop right from the comfort of their living room.

Charlie Miller and Chris Valasek reached out to Wired writer Andy Greenberg to demonstrate how in-car connectivity can leave vehicles vulnerable to exploits beyond just messing with the radio. The duo discovered that Uconnect, the cellular-based infotainment system in Fiat-Chrysler vehicles, has a vulnerability that allows unprecedented access to the vehicle.

Recommended Videos

Anyone with the proper knowhow, software, and the vehicle’s IP address can exploit this and engage in a multitude of attacks. From a laptop miles away, the duo can take over the entertainment system, cranking the radio volume up and displaying images on the dash-mounted LED interface screen. They can even control the wipers and influence the digital gauge cluster.

uconnect-press
FCA’s Uconnect interface Image used with permission by copyright holder

But things get more serious: The engineers can totally kill the engine at slow speeds, or shift the transmission to neutral and leave the engine to rev helplessly, halting the Jeep used in the demonstration. The Jeep Cherokee has an available park-assist system which was also fair game for hacking. Normally, sensors guide servos in the steering wheel into a selected parking spot, but when broken into, the engineers could also take hold of that system too, essentially driving the car themselves. Fortunately for owners, that particular trick seems to work only when the car is in reverse. For now, anyway.

“I’d just stomp on the brakes and get out,” you might say, but the hackers are a step ahead of you there, too. Not only can they engage the door locks, but they can remotely kill the brakes, taking that last shred of control away from the driver.

Miller and Valasek have notified Fiat Chrysler Automobiles (FCA) of the Uconnect vulnerability, and the manufacturer pledges to issue a patch to hopefully plug the hole. They also stress that this is a larger issue all automakers need to be aware of, particularly with the growing trend toward semi-to-fully autonomous systems being developed in passenger cars. Taking control of a car might be the more extreme result of this security hole, but possibly more scary is what can be done without the driver being aware. Breaking into the car’s system reveals the vehicle’s GPS location, as well as the VIN and other user data that could be used in nefarious ways.

“If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers,” Miller says. “This might be the kind of software bug most likely to kill someone.”

Alexander Kalogianni
Alex K is an automotive writer based in New York. When not at his keyboard or behind the wheel of a car, Alex spends a lot of…
Plug-in hybrids are becoming more popular. Why? And will it continue?
Kia Niro EV Charging Port

There's a lot of talk about the idea that the growth in electric car sales has kind of slowed a little. It's not all that surprising -- EVs are still expensive, early adopters all have one by now, and they're still new enough to where there aren't too many ultra-affordable used EVs available. But plenty of people still want a greener vehicle, and that has given rise to an explosion in hybrid vehicle sales.

That's especially true of plug-in hybrid vehicles, which can be charged like an EV and driven in all-electric mode for short distances, and have a gas engine as a backup for longer distances or to be used in combination with electric mode for more efficient driving.

Read more
EV drivers are not going back to gas cars, global survey says
ev drivers are not going back to gas cars global survey says screenshot

Nearly all current owners of electric vehicles (EVs) are either satisfied or very satisfied with the experience, and 92% of them plan to buy another EV, according to a survey by the Global EV Drivers Alliance.

The survey of 23,000 EV drivers worldwide found that only 1% would return to a petrol or diesel car, while 4% would opt for a plug-in hybrid (PHEV) if they had to replace their car.

Read more
Trump team in sync with Tesla on ending crash-reporting requirements, report says
Beta of Tesla's FSD in a car.

The transition team of President-elect Donald Trump is planning to end existing car-crash reporting requirements to safety regulators, according to a Reuters report.

The report cites a document obtained by Reuters that lays out the transition team’s 100-day strategy for automotive policy. In the document, the team says the crash-reporting requirement leads to “excessive” data collection, Reuters says.

Read more