Skip to main content

Jeep Cherokee remotely hacked and hijacked, owners urged to update car software

Hacking is serious business and when hackers break into a company and steal data, the company might lose some money and someone might get fired.

But when a hacker’s action can put a person in a life or death situation, it’s a completely different story.

That’s what Former National Security Agency hacker Charlie Miller and IOActive researcher Chris Valasek are persistently trying to tell everyone – most modern vehicles and driverless vehicles can be hacked and it can have devastating consequences.

Jeremiah Grossman, founder and CTO of WhiteHat Security comments on the state of modern vehicles saying that cars are " little more than rolling computers nowadays" and wonders "are we expected to install security software, etc there too?! Or, are manufacturers responsible for protecting their car's occupants against a digital adversary?" This is definitely a hot topic that will grow in the coming years.

The veteran security expert duo used a feature in the Fiat Chrysler telematics system Uconnect to break into a Jeep Cherokee being driven on the highway by a reporter for technology news site, Reuters (opens in new tab)reported on Wednesday.

First they turned on the Jeep Cherokee’s radio and activated other inessential features before “rewriting code embedded in the entertainment system hardware to issue commands through the internal network to steering, brakes and the engine.”

This was, however, a controlled test and no one was harmed.

Fiat Chrysler said it had issued a fix for the most serious vulnerability involved. The software patch is available for free on the company’s website and at dealerships.

"Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorised and unlawful access to vehicle systems," the company said.

The duo said that manufacturers, who are racing to add new Internet-connected features, should work much harder on creating safe capability for automatic over-the-air software updates, segregation of onboard entertainment and engineering networks, and intrusion-detection software for stopping improper commands.

As driverless cars push further into the mainstream, and the Internet of Things industry grows, so will the need for better security be greater.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.