The Jeep Cherokee has been on the market for less than two years, but it already had a rough life. First, the uncomplimentary spy images from the factory floor before the official release, then some issues with the 9-speed automatic transmission. Now, it’s starring in a video report by Wired that demonstrates the remote hijacking of the crossover.
Two computer researchers/hackers Charlie Miller and Chris Valasek discovered a vulnerability in the Jeep’s Uconnect system. The system is enabled with a cellular connection, which is very handy for browsing the internet and working from your car. However, a particular version of Uconnect exposes an interface that can be queried for information about the car. It also allowed for commands to be sent to the car remotely.
What kind of commands? They range from annoying and silly, such as updating the background image on the center screen and controlling the HVAC and radio functions. There are odd and more serious functions, such as controlling the windshield wipers and spray. There are also dangerous functions: taking over the control of the brakes, steering while in reverse, and shutting the car off remotely.
Andy Greenberg of Wired found out about it first hand in the video demonstration that you can watch on their site. Charlie and Chris were in Charlie’s basement, while Andy was in the Cherokee on a nearby highway. The hackers performed all kinds of tricks on Andy, including dangerously shutting off the car while on the public highway. They also demonstrated the brake override in a controlled environment/empty parking lot and sent Andy into a ditch.
FCA has released a software patch to remove the vulnerability and fix the remove hijacking problem. See this FCA press release dated July 16, 2015 for more details. This problem does not only affect the Jeep Cherokee, but also other Chrysler, Ram, Dodge, and Jeep vehicles with a certain version of Uconnect. The software update can be performed by the owners by downloading the fix and applying it via a USB drive. This is interesting in itself, because an owner is encouraged to perform the upgrade on their own. Of course, you can also take your car to the local dealership and have them perform the upgrade.
As more manufacturers and new car models switch to wireless communications (e.g. most of GM vehicles now have 4G connectivity), the remote vulnerability of the cars will become an issue all of us should be aware of.
Take a look at the first review of the 2014 Jeep Cherokee.