Can someone sitting miles away in their living room control your car? Can they turn up the air conditioning, change your favorite radio stations, and even control how fast or slow your car goes? Seems far-fetched and straight out of a scene from the latest James Bond flick, right? Brace yourself, for the answer is – Yes! Any hacker can take control of your car and even steer or crash it without getting anywhere near your car.
Chrysler discovered this the hard way recently when two security researchers Charlie Miller and Chris Valasek (above) exposed a major flaw in its online dashboard feature, Uconnect. The duo demonstrated how easy it was to leverage the security flaw and hack into a Jeep driven by a journo, Andy Greenberg from Wired.
Poor Greenberg while brave, did not realize the predicament he was putting himself into when he agreed to be the proverbial guinea pig for the experiment. Little did he know the Jeep Cherokee drive in St. Luis will turn into one he won’t forget in a hurry. Worse still it was on a public road and not on a test track.
Greenberg recalls, “Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting. Next the radio switched to the local hip hop station … I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass. Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. The experiment had ceased to be fun”.
At the outset the premise was that the hackers would not lead him into a life threatening situation and the whole experiment which seemed innocuous suddenly began to worry Greenberg. The hackers then took over the LCD of the car and display flashed their image and the transmission was cut.
Greenberg continues, “The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch.” His nightmare had ended.
The security experts claim they can track the vehicles coordinates, track its route on a map and even measure and control its speed. They however are still perfecting the wheel control as currently they can take it over remotely only when the car is in reverse.
They will divulge more details on this in the upcoming Black Hat Conference in August. While this has excited the security experts the automobile giant, Fiat Chrysler remains impassive. In a statement it said, “Under no circumstances does Fiat Chrysler Automobiles condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems.”
It released a Jeep software update to fix the flaw which affects any vehicle that has the Uconnect feature onboard. The update is free and more information on it and the vehicles it applies to can be had by calling 1-877-855-8400.