Hackers Burrow Into a Jeep Again - Will FCA Give Them $1,500?

Steph Willems
by Steph Willems

The same two guys who brought you last year’s remote hacking of a Jeep Cherokee on a Missouri highway (and resulting 1.4 million vehicle recall) are at it again.

This time, Charlie Miller and Chris Valasek entered the same Cherokee’s electronic brain, bypassing security software to gain control over key driving functions, according to Wired.

Both men are security researchers, and take pride in finding new ways to defeat electronic walls put up by automakers. FCA added a patch to its Uconnect software last year after their discovery, but hackers gonna hack, you know.

One the surface, their latest hack is alarming. The two were able to control the Jeep’s cruise control and steering, even at high speeds. In practice, the hack isn’t anything like the earlier one — to do it, they needed to be inside the vehicle, with a laptop plugged into the Jeep’s electronic network via a port under the dash.

Once plugged in, they were able to override commands from the vehicle’s electronic control module.

“You have one computer in the car telling it to do one thing and we’re telling it to do something else,” says Miller. “Essentially our solution is to knock the other computer offline.”

Every piece of software has a back door, which is why FCA launched a “bug bounty” cyber-threat tip line last month. By offering fledgling hackers and seasoned experts up to $1,500 in exchange for tips on software vulnerabilities, the automaker hopes to safeguard its vehicles from evildoers.

Both researchers note that while potentially dangerous, drivers can physically cut short any hacking attempt — assuming they notice it in time. If a hacker takes control of a vehicle’s accelerator, a driver can still depress the brake, slowing the car. The same goes for steering.

In a statement, FCA said it admired the hackers’ creativity, but added that their Jeep “appears to have been altered back to an older level of software.” The automaker continued, stating, “It is highly unlikely that this exploit could be possible…if the vehicle software were still at the latest level.”

Does this mean Miller and Valasek won’t get a $1,500 check in the mail?

[Image: Fiat Chrysler Automobiles]

Steph Willems
Steph Willems

More by Steph Willems

Comments
Join the conversation
2 of 36 comments
  • Lorenzo Lorenzo on Aug 07, 2016

    I'm all in favor of electric steering, since a computer chip is best for speed sensitive steering effort. But does it have to be the same programmable chip that controls the ignition, fuel system, transmission shifting, anti-lock braking, and other discrete auto functions? It seems that a separate hard-wired chip for each auto function would be more secure. Most of those functions don't need to be connected to a super-brain with wireless access. With chip prices today, keeping systems separate wouldn't cost much more, if any more. Automakers just have an engine CPU and are piggy-backing every new feature onto that system, rather than create independent subsystems that would be easier to diagnose, repair and/or replace. Tying in wireless communications from the entertainment module to basic controls is further laziness.

  • FOG FOG on Aug 08, 2016

    The fact that the same two guys hacked into the same system is more than a little bit fishy. The first step after hacking a system is to create a way to get back in the next time. It sounds like the method used by these guys was simple code that allowed them to reflash the software back to the earlier hackable version. This time it was probably more like a parlor trick than a real accomplishment.

  • Wjtinfwb Funny. When EV's were bursting onto the scene; Tesla's, Volt's, Leaf's pure EV was all the rage and Hybrids were derided because they still used a gas engine to make them, ahem; usable. Even Volt's were later derided when it was revealed that the Volt's gas engine was actually connected to the wheels, not just a generator. Now, Hybrids are warmly welcomed into the Electric fraternity by virtue of being "electrified". If a change in definition is what it takes, I'm all for it. Hybrid's make so much sense in most American's usage patterns and if needed you can drive one cross-country essentially non-stop. Glad to see Hybrid's getting the love.
  • 3-On-The-Tree We also had a 1973 IH Scout that we rebuilt the engine in and it had dual glass packs, real loud. I miss those days.
  • 3-On-The-Tree Jeff thanks. Back in 1990 we had a 1964 Dodge D100 with a slant six with a 3 on the tree. I taught myself how to drive a standard in that truck. It was my one of many journeys into Mopar land. Had a 1973 Plymouth duster with a slant six and a 1974 Dodge Dart Custom with 318 V8. Great cars and easy to work on.
  • Akear What is GM good at?You led Mary............................................What a disgrace!
  • Randy in rocklin I have a 87 bot new with 200k miles and 3 head gasket jobs and bot another 87 turbo 5 speed with 70k miles and new head gaskets. They cost around 4k to do these days.
Next