Latest Jeep hack reminds us why we should keep our cars’ software updated

Jeep Cherokee
Last year, security researchers Charlie Miller and Chris Valasek demonstrated the threat of car hacking in a dramatic way, by taking control of a Jeep Cherokee’s transmission and brakes while the car was moving. Now they’re back with new hacks that seem more sinister, but may not pose an actual threat in the real world.

Miller and Valasek can now mess with more than the transmission and brakes. They can activate the parking brake, tamper with the cruise control, and use the Cherokee’s automated parking system to jerk the steering wheel 180 degrees while the car is in motion, according to Engadget. That doesn’t sound good.

However, that ability to sow mayhem comes with an asterisk. After Miller and Valasek revealed their first Jeep hack, Fiat Chrysler Automobiles (FCA) initiated a recall of 1.4 million cars to update software and eliminate the weak point the two security researchers exploited. For this second demonstration, though, Miller and Valasek used the same 2014 Cherokee as before. FCA claims the vehicle did receive the software update as part of last year’s recall, but that it had been “altered back to an older level of software.”

Read more: Worried about car hacking? FBI and DOT offer safety tips

Unlike the previous hack, this one also required a physical connection: a laptop was plugged into the Cherokee’s OBD-II diagnostic port the whole time. Miller and Valasek also had to install their own firmware, which disabled some of the car’s built security features, before they could gain control of the steering and other systems. Given that, it’s unlikely someone would be able to execute this hack in the real world without the target’s knowledge.

It’s worth noting that, as The Verge points out, hackers could gain access to a car’s OBD-II port through diagnostic devices like the Verizon Hum and Automatic Adapter, or the devices issued by insurance companies to track driver behavior in exchange for the possibility of rate discounts. The proliferation of these devices further erodes the wall that used to separate car systems from the world at large.

Updated on 08-03-2016 by Stephen Edelstein: FCA issued a statement in response to the latest Miller and Valasek hack. The carmaker noted that accomplishing the hack required “extensive technical knowledge” and physical access to the OBD-11 port. FCA also said that the Jeep Cherokee used in the demonstration had been updated to address the security issue exposed last year, but that its had been “altered back to an older level of software.”

“Based on the material provided, while we admire their creativity, it appears that the researchers have not identified any new remote way to compromise a 2014 Jeep Cherokee or other FCA U.S. vehicles,” the company said.


Peloton’s tech lets truckers play follow the leader to boost fuel economy

Peloton Technology can help semi trucks save fuel by running close together on the highway. Using short-range wireless communications, the trucks get a kind of super cruise control.

Data breach compromises 773 million records, 21 million passwords

A security researcher was alerted to a collection of breached data that included more than 773 million compromised records. After digging deeper, the breach was revealed to contain more than 21 million passwords.

‘Fortnite’ security flaw let hackers spy on players through microphones

A security vulnerability found in Fortnite allowed hackers to gain access to other players' accounts, potentially letting them spy on conversations using the in-game microphone. It has been addressed.

Shutdown makes dozens of .gov websites insecure due to expired TLS certificates

The US government shutdown is causing trouble in internet security. As the shutdown enters day 22, dozens of government websites have been rendered insecure or inaccessible due to expired transport layer security (TLS) certificates.

Lexus LC convertible concept teases a new open-air flagship

Debuting at the 2019 Detroit Auto Show, the Lexus LC convertible concept adds open-air motoring to the sleek LC's resume. But Lexus won't commit to a production version of the car just yet.

Fast and Furious fans get revved up: Toyota’s Supra sports car is back

The 2020 Toyota Supra made its long-awaited debut at the 2019 Detroit Auto Show. The resurrected sports car, famous for a role in The Fast and the Furious, goes on sale in the U.S. this summer.

Muscle cars, trucks, and EVs roared into the subdued 2019 Detroit Auto Show

The 2019 Detroit Auto Show was the quietest edition of the event in recent memory, but that doesn't mean nothing significant happened inside the Cobo Center. Here are the new cars and concepts we saw at the show.

Big tech, bigger grille: BMW updates its 7 Series flagship for 2020

The BMW 7 Series will enter the 2020 model year with a host of updates inside, outside, and under the sheet metal. The new-look nose with a jumbo grille hides updated engines, while passengers benefit from smart tech features.
Emerging Tech

Ford’s sweaty robot bottom can simulate 10 years of seat use in mere days

Ford has developed 'Robutt,' a sweaty robot bottom that's designed to simulate the effects of having a pair of human buttocks sitting on its car seats for thousands of hours. Check it out.

In McLaren’s 600LT Spider, the engine is the only sound system you’ll need

The McLaren 600LT Spider is the inevitable convertible version of the 600LT coupe, itself a lighter, more powerful version of the McLaren 570S. The 600LT Spider boasts a 592-horsepower, twin-turbo V8, and a loud exhaust system to hear it…

Robomart’s self-driving grocery store is like Amazon Go on wheels

Robomart's driverless vehicle is like an Amazon Go store on wheels, with sensors tracking what you grab from the shelves. If you don't want to shop online or visit the grocery store yourself, Robomart will bring the store to you.

Ford has a plan to future-proof the hot-selling F-150 pickup truck

Worried about the threat of rising gas prices, Ford will add the F-150 to its growing portfolio of electrified vehicles. It is currently developing a hybrid F-150, and it will release an electric version of the next-generation truck.

Ford’s Mustang-inspired electric crossover will spawn a Lincoln luxury version

Lincoln will get its own version of parent Ford's first mass-market, long-range electric vehicle. While Ford's version will have styling inspired by the Mustang, Lincoln will take a more traditional approach.
Home Theater

Spotify adds simplified Car View mode for Android users

What was once just a test is now a reality: Spotify is rolling out a new, simplified in-car user interface for all Android users called Car View, which automatically engages when the app detects a car Bluetooth connection.