A pair of security experts showed the dangers of a Fiat Chrysler Automobiles security flaw by taking control of a Jeep on the highway. Security experts Charlie Miller and Chris Valasek said they used a laptop computer and a cellphone on the Sprint network to exploit a security hole in Fiat Chrysler’s Uconnect Internet-enabled software to disable the engine and brakes on a Jeep Cherokee while Wired reporter Andy Greenberg was driving on a stretch of highway in St. Louis. UPI has more:
Greenberg was Miller and Valasek were able to remotely wrest control of the radio, air conditioning, steering wheel and brakes while having a photo of themselves projected on the car’s digital display.
The hackers said the demonstration was different from their previous vehicle hacking attempts on a Ford Escape and a Toyota Prius because the Fiat Chrysler security flaw was exploited remotely and did not require them to directly wire into the car.
“From an attacker’s perspective, it’s a super nice vulnerability,” Miller said. Miller and Valasek said they informed Fiat Chrysler of the security flaw about nine months ago, and a security update to close the hole was released July 16. “This update might not sound particularly important, but trust me, if you can, you really should install this one,” Miller tweeted.
Computer security expert Graham Cluley agreed the update is crucial. “Note that the researchers believe that, although they’ve only tested it out on Jeeps, the attacks could be tweaked to work on any Chrysler car with a vulnerable Uconnect head unit,” he wrote on his website. “You should consider installing a security update that Jeep has issued for cars fitted with a model RA3 or model RA4 radio/navigation system.”