Security Flaw in Uconnect Lets Hackers Remotely Kill Jeep's Engine
If you’re like me, you may have found yourself asking “Why would Fiat Chrysler Automobiles release a patch for Uconnect if nothing is wrong?” last week.
The answer, provided by Wired today, is “They wouldn’t,” and that hackers could remotely kill a Jeep through a zero-day exploit in the system’s software. Additionally, hackers could take control of many other functions including steering, climate controls, brakes, throttle — the whole nine yards.
The Internet-based attack can remotely control just about any part of the car, according to the story. The two St. Louis men featured, Charlie Miller and Chris Valasek, can reportedly control any part of the car: stereo, windshield wipers, steering (only in reverse), braking, transmission and air conditioning.
The duo say they plan to release a portion of their exploit when they speak at a security conference in Las Vegas next month.
Chrysler isn’t happy.
“Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems.
FCA has a dedicated team from System Quality Engineering focused on identifying and implementing software best practices across FCA globally. The team’s responsibilities include development and implementation of cybersecurity standards for all vehicle content, including on-board and remote services.
As such, FCA released a software update that offers customers improved vehicle electronic security and communications system enhancements. The Company monitors and tests the information systems of all of its products to identify and eliminate vulnerabilities in the ordinary course of business.
Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorized and unlawful access to vehicle systems. The software security update, provided at no cost to customers, also includes Uconnect improvements introduced in the 2015 model year designed to enhance customer convenience and enjoyment of their vehicle. Customers can either download and install this particular update themselves or, if preferred, their dealer can complete this one-time update at no cost to customers.
Customers with questions may call Vehicle Care at 1-877-855-8400.”
Miller and Valasek say they’ll leave out important parts of their code that potentially malicious hackers would require to duplicate their feats.
Last week, FCA released an update for Uconnect addressing the vulnerability. That update must be installed at dealerships, or by owners with a USB stick, which could be an encumbrance for many owners, leaving many vulnerable Jeeps left out on the road.
According to the Detroit News, two U.S. Senators are proposing a bill that would specify federal standards for automotive computer systems to combat hacking.
(I asked Chrysler last week when the patch was released and heard that “nothing in particular” prompted the update and I bought it. I have failed you, TTAC readers, and I’m sorry.)
More by Aaron Cole
Latest Car ReviewsRead more
Latest Product ReviewsRead more
- Wjtinfwb Funny. When EV's were bursting onto the scene; Tesla's, Volt's, Leaf's pure EV was all the rage and Hybrids were derided because they still used a gas engine to make them, ahem; usable. Even Volt's were later derided when it was revealed that the Volt's gas engine was actually connected to the wheels, not just a generator. Now, Hybrids are warmly welcomed into the Electric fraternity by virtue of being "electrified". If a change in definition is what it takes, I'm all for it. Hybrid's make so much sense in most American's usage patterns and if needed you can drive one cross-country essentially non-stop. Glad to see Hybrid's getting the love.
- 3-On-The-Tree We also had a 1973 IH Scout that we rebuilt the engine in and it had dual glass packs, real loud. I miss those days.
- 3-On-The-Tree Jeff thanks. Back in 1990 we had a 1964 Dodge D100 with a slant six with a 3 on the tree. I taught myself how to drive a standard in that truck. It was my one of many journeys into Mopar land. Had a 1973 Plymouth duster with a slant six and a 1974 Dodge Dart Custom with 318 V8. Great cars and easy to work on.
- Akear What is GM good at?You led Mary............................................What a disgrace!
- Randy in rocklin I have a 87 bot new with 200k miles and 3 head gasket jobs and bot another 87 turbo 5 speed with 70k miles and new head gaskets. They cost around 4k to do these days.