Skip to main content

Latest Jeep hack reminds us why we should keep our cars’ software updated

Jeep Cherokee
Last year, security researchers Charlie Miller and Chris Valasek demonstrated the threat of car hacking in a dramatic way, by taking control of a Jeep Cherokee’s transmission and brakes while the car was moving. Now they’re back with new hacks that seem more sinister, but may not pose an actual threat in the real world.

Miller and Valasek can now mess with more than the transmission and brakes. They can activate the parking brake, tamper with the cruise control, and use the Cherokee’s automated parking system to jerk the steering wheel 180 degrees while the car is in motion, according to Engadget. That doesn’t sound good.

Related Videos

However, that ability to sow mayhem comes with an asterisk. After Miller and Valasek revealed their first Jeep hack, Fiat Chrysler Automobiles (FCA) initiated a recall of 1.4 million cars to update software and eliminate the weak point the two security researchers exploited. For this second demonstration, though, Miller and Valasek used the same 2014 Cherokee as before. FCA claims the vehicle did receive the software update as part of last year’s recall, but that it had been “altered back to an older level of software.”

Read more: Worried about car hacking? FBI and DOT offer safety tips

Unlike the previous hack, this one also required a physical connection: a laptop was plugged into the Cherokee’s OBD-II diagnostic port the whole time. Miller and Valasek also had to install their own firmware, which disabled some of the car’s built security features, before they could gain control of the steering and other systems. Given that, it’s unlikely someone would be able to execute this hack in the real world without the target’s knowledge.

It’s worth noting that, as The Verge points out, hackers could gain access to a car’s OBD-II port through diagnostic devices like the Verizon Hum and Automatic Adapter, or the devices issued by insurance companies to track driver behavior in exchange for the possibility of rate discounts. The proliferation of these devices further erodes the wall that used to separate car systems from the world at large.

Updated on 08-03-2016 by Stephen Edelstein: FCA issued a statement in response to the latest Miller and Valasek hack. The carmaker noted that accomplishing the hack required “extensive technical knowledge” and physical access to the OBD-11 port. FCA also said that the Jeep Cherokee used in the demonstration had been updated to address the security issue exposed last year, but that its had been “altered back to an older level of software.”

“Based on the material provided, while we admire their creativity, it appears that the researchers have not identified any new remote way to compromise a 2014 Jeep Cherokee or other FCA U.S. vehicles,” the company said.

Editors' Recommendations

Waymo keeps autonomous driving simulations running as cars stay parked
waymo arizona self driving car hub operations explained maintenance chandler

Waymo parked its fleet of prototype self-driving cars in response to the coronavirus pandemic, but that doesn't mean the company has stopped working on autonomous driving tech. Even with employees working from home, Waymo is still capable of running simulations 24 hours a day, seven days a week, continuing to develop autonomous driving systems, a company press release said.

Simulations were a big part of Waymo's operations before the pandemic. One day in simulation is equivalent to 100 years of real-world driving, according to Waymo. The majority of development work on any new piece of software is already done in simulation, before being released for use in actual cars, the company noted.

Read more
Why driverless cars are ugly, and how BMW plans to change that
BMW autonomous 7 series

Drawing a BMW isn't as straightforward as it once was.

The company's stylists need to preserve 92 years of car-building heritage while continuing to move its design language forward, and now there's a new challenge: adapting it to new technologies like electrification and different levels of computer-aided driving. At least 12 of the models it will launch by 2023 will be entirely electric, including a variant of the next-generation 7 Series, but batteries aren't keeping Domagoj Dukec, the firm's head of design, up at night. The much taller hurdle is autonomous driving.

Read more
iPhone, Apple Watch may function as car keys after iOS 13.4 update
iPhone 11 Pro in Pocket

iPhone and Apple Watch owners may soon be able to use the devices as car keys, according to evidence found in the first beta version of iOS 13.4.

The code for iOS 13.4 contains references to a CarKey API, according to 9to5Mac. The feature will allow people to use their iPhone and Apple Watch to unlock and lock the doors of NFC-compatible cars, as well as start them up. This will work even if the devices have run out of battery, and even if there is no network available.

Read more