Skip to main content

Hackers wirelessly disable a Jeep Cherokee from 10 miles away with Uconnect

2015 Jeep Cherokee
Image used with permission by copyright holder
The thought of “hackers” being able to shut down cars was confined to the hyperbolic ranting of paranoid technophobes just a few years ago. But with digital control now woven into nearly every automotive system, from in-dash entertainment to engine and braking control, the door for exploitation is open wide. And two software engineers just barged right through it, bringing a Jeep Cherokee to a dead stop right from the comfort of their living room.

Charlie Miller and Chris Valasek reached out to Wired writer Andy Greenberg to demonstrate how in-car connectivity can leave vehicles vulnerable to exploits beyond just messing with the radio. The duo discovered that Uconnect, the cellular-based infotainment system in Fiat-Chrysler vehicles, has a vulnerability that allows unprecedented access to the vehicle.

Anyone with the proper knowhow, software, and the vehicle’s IP address can exploit this and engage in a multitude of attacks. From a laptop miles away, the duo can take over the entertainment system, cranking the radio volume up and displaying images on the dash-mounted LED interface screen. They can even control the wipers and influence the digital gauge cluster.

uconnect-press
FCA’s Uconnect interface Image used with permission by copyright holder

But things get more serious: The engineers can totally kill the engine at slow speeds, or shift the transmission to neutral and leave the engine to rev helplessly, halting the Jeep used in the demonstration. The Jeep Cherokee has an available park-assist system which was also fair game for hacking. Normally, sensors guide servos in the steering wheel into a selected parking spot, but when broken into, the engineers could also take hold of that system too, essentially driving the car themselves. Fortunately for owners, that particular trick seems to work only when the car is in reverse. For now, anyway.

“I’d just stomp on the brakes and get out,” you might say, but the hackers are a step ahead of you there, too. Not only can they engage the door locks, but they can remotely kill the brakes, taking that last shred of control away from the driver.

Miller and Valasek have notified Fiat Chrysler Automobiles (FCA) of the Uconnect vulnerability, and the manufacturer pledges to issue a patch to hopefully plug the hole. They also stress that this is a larger issue all automakers need to be aware of, particularly with the growing trend toward semi-to-fully autonomous systems being developed in passenger cars. Taking control of a car might be the more extreme result of this security hole, but possibly more scary is what can be done without the driver being aware. Breaking into the car’s system reveals the vehicle’s GPS location, as well as the VIN and other user data that could be used in nefarious ways.

“If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers,” Miller says. “This might be the kind of software bug most likely to kill someone.”

Editors' Recommendations

Alexander Kalogianni
Former Digital Trends Contributor
Alex K is an automotive writer based in New York. When not at his keyboard or behind the wheel of a car, Alex spends a lot of…
Kia EV3 vs Tesla Model Y: Can Kia’s new entry-level car take on Tesla?
White Kia EV3

The Kia EV3 is finally coming, and it could well end up being the best small-size electric SUV to buy when it finally rolls out. It's smaller than the Kia EV9, but it offers many of the same design elements and features. But there's another small-size electric car that's currently one of the most popular vehicles out there -- the Tesla Model Y.

How does the Kia EV3 compare with the Tesla Model Y? And is one vehicle actually better than the other? We put the Kia EV3 and the Tesla Model Y head-to-head to find out.
Design
The design of the Kia EV3 is very different than that of the Model Y, though they're both reasonably good-looking vehicles.

Read more
Entry-level Cadillac Optiq EV promises 300 miles of range for $54,000
2025 Cadillac Optiq front three quarter view.

The 2025 Cadillac Optiq will be the General Motors luxury brand's entry-level EV when it starts production late this fall. But it won't have entry-level specs.

After unveiling the Optiq in November 2023, Cadillac is now filling in some of the blanks on this electric crossover SUV's spec sheet. We now know that the Optiq will feature a standard dual-motor all-wheel drive powertrain tuned for 300 horsepower and 354 pound-feet of torque, along with an 85-kilowatt-hour battery pack providing an estimated range of over 300 miles. Like other GM EVs, the Optiq will be capable of one-pedal driving, with regenerative braking adjustable via a steering wheel paddle.

Read more
2024 Ford Mustang Mach-E Rally first drive: old pony learns new trick
2024 Ford Mustang Mach-E Rally driving on dirt.

With its Mustang Mach-E, Ford promised an electric SUV imbued with the spirit of the iconic Mustang performance car. Now well into its production run, the Mach-E is living up to its Mustang billing in that, like the traditional internal-combustion Mustang coupe and convertible, Ford wants to grow the herd of Mach-E variants.

Introduced for the 2021 model year, the Mach-E is nearing the point where most vehicles would see a redesign, or at least a major update. That seems especially pressing given the accumulation of fresher competition in the form of the Hyundai Ioniq 5, Kia EV6, and Chevrolet Blazer EV. But instead of a redesign, the big news for the 2024 Mustang Mach-E is a new Rally model designed for dirt-road driving.

Read more