Skip to main content

Hackers wirelessly disable a Jeep Cherokee from 10 miles away with Uconnect

2015 Jeep Cherokee
Image used with permission by copyright holder
The thought of “hackers” being able to shut down cars was confined to the hyperbolic ranting of paranoid technophobes just a few years ago. But with digital control now woven into nearly every automotive system, from in-dash entertainment to engine and braking control, the door for exploitation is open wide. And two software engineers just barged right through it, bringing a Jeep Cherokee to a dead stop right from the comfort of their living room.

Charlie Miller and Chris Valasek reached out to Wired writer Andy Greenberg to demonstrate how in-car connectivity can leave vehicles vulnerable to exploits beyond just messing with the radio. The duo discovered that Uconnect, the cellular-based infotainment system in Fiat-Chrysler vehicles, has a vulnerability that allows unprecedented access to the vehicle.

Anyone with the proper knowhow, software, and the vehicle’s IP address can exploit this and engage in a multitude of attacks. From a laptop miles away, the duo can take over the entertainment system, cranking the radio volume up and displaying images on the dash-mounted LED interface screen. They can even control the wipers and influence the digital gauge cluster.

uconnect-press
FCA’s Uconnect interface Image used with permission by copyright holder

But things get more serious: The engineers can totally kill the engine at slow speeds, or shift the transmission to neutral and leave the engine to rev helplessly, halting the Jeep used in the demonstration. The Jeep Cherokee has an available park-assist system which was also fair game for hacking. Normally, sensors guide servos in the steering wheel into a selected parking spot, but when broken into, the engineers could also take hold of that system too, essentially driving the car themselves. Fortunately for owners, that particular trick seems to work only when the car is in reverse. For now, anyway.

“I’d just stomp on the brakes and get out,” you might say, but the hackers are a step ahead of you there, too. Not only can they engage the door locks, but they can remotely kill the brakes, taking that last shred of control away from the driver.

Miller and Valasek have notified Fiat Chrysler Automobiles (FCA) of the Uconnect vulnerability, and the manufacturer pledges to issue a patch to hopefully plug the hole. They also stress that this is a larger issue all automakers need to be aware of, particularly with the growing trend toward semi-to-fully autonomous systems being developed in passenger cars. Taking control of a car might be the more extreme result of this security hole, but possibly more scary is what can be done without the driver being aware. Breaking into the car’s system reveals the vehicle’s GPS location, as well as the VIN and other user data that could be used in nefarious ways.

“If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers,” Miller says. “This might be the kind of software bug most likely to kill someone.”

Editors' Recommendations

Alexander Kalogianni
Former Digital Trends Contributor
Alex K is an automotive writer based in New York. When not at his keyboard or behind the wheel of a car, Alex spends a lot of…
Chinese doctors use 5G to perform surgery from hundreds of miles away
snapchat spectacles operation surgery

The surgeon behind your future life-saving surgery might not have to be in the same room as you. Heck, thanks to the burgeoning 5G revolution, they might not have to be in the same state as you. This is what was demonstrated by doctors in China earlier this month when cardiologist Huiming Guo assisted in carrying out a remote heart operation on a 41-year-old woman. While Guo was located in Guangdong General Hospital at the time, his patient was 400 kilometers away in Gaozhou People’s Hospital.

The use of 5G technology allowed Guo to observe and issue instructions during the four-hour procedure using 4K ultra-high definition live video. The 5G network used by the hospital is approximately 10 times faster than the current 4G mobile internet being used. In this scenario, it means more stable video streaming in a situation where a missed detail could, literally, make the difference between life and death.

Read more
Watch this 1,000-horsepower Jeep Trackhawk scorch supercars in the quarter mile
Hennessey HPE1200 Jeep Grand Cherokee Trackhawk

9.66 @ 145 mph Jeep Trackhawk World Record 1/4 Mile Run

With 707 horsepower courtesy of a 6.2-liter supercharged Hemi V8, the Jeep Grand Cherokee Trackhawk is pretty potent right out of the box. But Texas-based Hennessey Performance Engineering never settles for stock, so it turned the Trackhawk into a monster that devours quarter miles.

Read more
BMW scraps its unpopular approach to heated seats
Driver's seat and dashboard of the 2023 BMW iX M60.

BMW caused much consternation last year when it launched a subscription-only option for heated car seats.

The idea of having to pay a monthly fee of $18 to keep your posterior warm during the winter months still seems as absurd as ever, but the good news is that the German automaker has now decided to scrap the fee. What particularly irked customers was that they felt they were being forced to cough up extra for functions that would previously have been expected as standard. The fiasco even prompted a community of hackers to offer their services to unlock the feature for those unwilling to pay extra for it.

Read more