Hackers Burrow Into a Jeep Again - Will FCA Give Them $1,500?

hackers burrow into a jeep again will fca give them 1 500

The same two guys who brought you last year’s remote hacking of a Jeep Cherokee on a Missouri highway (and resulting 1.4 million vehicle recall) are at it again.

This time, Charlie Miller and Chris Valasek entered the same Cherokee’s electronic brain, bypassing security software to gain control over key driving functions, according to Wired.

Both men are security researchers, and take pride in finding new ways to defeat electronic walls put up by automakers. FCA added a patch to its Uconnect software last year after their discovery, but hackers gonna hack, you know.

One the surface, their latest hack is alarming. The two were able to control the Jeep’s cruise control and steering, even at high speeds. In practice, the hack isn’t anything like the earlier one — to do it, they needed to be inside the vehicle, with a laptop plugged into the Jeep’s electronic network via a port under the dash.

Once plugged in, they were able to override commands from the vehicle’s electronic control module.

“You have one computer in the car telling it to do one thing and we’re telling it to do something else,” says Miller. “Essentially our solution is to knock the other computer offline.”

Every piece of software has a back door, which is why FCA launched a “bug bounty” cyber-threat tip line last month. By offering fledgling hackers and seasoned experts up to $1,500 in exchange for tips on software vulnerabilities, the automaker hopes to safeguard its vehicles from evildoers.

Both researchers note that while potentially dangerous, drivers can physically cut short any hacking attempt — assuming they notice it in time. If a hacker takes control of a vehicle’s accelerator, a driver can still depress the brake, slowing the car. The same goes for steering.

In a statement, FCA said it admired the hackers’ creativity, but added that their Jeep “appears to have been altered back to an older level of software.” The automaker continued, stating, “It is highly unlikely that this exploit could be possible…if the vehicle software were still at the latest level.”

Does this mean Miller and Valasek won’t get a $1,500 check in the mail?

[Image: Fiat Chrysler Automobiles]

Comments
Join the conversation
2 of 36 comments
  • Lorenzo Lorenzo on Aug 07, 2016

    I'm all in favor of electric steering, since a computer chip is best for speed sensitive steering effort. But does it have to be the same programmable chip that controls the ignition, fuel system, transmission shifting, anti-lock braking, and other discrete auto functions? It seems that a separate hard-wired chip for each auto function would be more secure. Most of those functions don't need to be connected to a super-brain with wireless access. With chip prices today, keeping systems separate wouldn't cost much more, if any more. Automakers just have an engine CPU and are piggy-backing every new feature onto that system, rather than create independent subsystems that would be easier to diagnose, repair and/or replace. Tying in wireless communications from the entertainment module to basic controls is further laziness.

  • FOG FOG on Aug 08, 2016

    The fact that the same two guys hacked into the same system is more than a little bit fishy. The first step after hacking a system is to create a way to get back in the next time. It sounds like the method used by these guys was simple code that allowed them to reflash the software back to the earlier hackable version. This time it was probably more like a parlor trick than a real accomplishment.

  • SnarkyRichard J have no desire to get an EV and will never get one . Just give me a manual transmission , a high redline , grippy 4 wheel disc brakes and a two lane highway to slice and dice my way through traffic . No smart phone connectivity needed , just a powerful stereo with 6x9 speakers in the rear to give the classic rock sound of American freedom on the open road . And that's all I have to say about that .
  • Gregtwelve While Sichuan managed to avoid the nationwide energy rationing witnessed in 2021, attributed to a lack of coalWe have plenty of coal. Let's sell them something for a change. And let us not forget that historically the Chinese hate the Japanese for what they did in WW2, so that might have something to do with it.
  • Jkross22 A toenail in every pot.
  • SCE to AUX If the plant had been powered by internal combustion, this wouldn't have happened. The entire plant is just a toy for the rich.
  • Jkross22 Gotta give the auto industry trollups some props - trying to guilt their johns into giving a bigger tip. Hilarious! Can't ever say Mary Barra doesn't have a helluva sense of humor.
Next