Security experts have demonstrated how to perform a hack of a Jeep Cherokee, while it is in motion, exposing a security flaw allowing remote access and control of any Jeep, Chrysler, Ram or Dodge.
The hack of a Jeep Cherokee, executed by researchers Charlie Miller, a former NSA staffer, and Chris Valasek, director of vehicle security for IOActive, forcing Fiat Chrysler Automobiles (FCA) to recall 1.4M vehicles.
The researchers worked alongside Andy Greenberg, Wired.com writer, implementing the hack from approximately 16km away while Greenberg was travelling at 110km/h.
The vehicle’s transmission, brakes, radio, air-conditioning and windscreen wipers were remotely controlled. The researchers say they are also working on steering control, which can currently only be hijacked while the car is in reverse.
The Uconnect system that allowed the hack is an in-car computer featuring Internet connectivity. The system is similar to that featured in a range of modern cars, controlling the entertainment, navigation and smartphone features of the vehicle.
FCA has issued a software patch that requires owners to download and install using a USB or visit a dealer and have them install the fix.
Gualberto Ranieri, senior vice president of communications for FCA, outlined the company’s commitment to correcting the flaw in a post on the FCA North America blog.
“FCA will be contacting potentially affected customers with these details and has provided the software update to the FCA US dealer network for immediate customer installation.
“In addition, FCA US has been working with its suppliers to implement additional protocols to block remote access,” said Gualberto Raineri.
Customers are able to see if their vehicle is affected by visiting the Uconnect website and entering their VIN numbers to check for the vulnerability.
FCA said in an official statement that no vehicles in Australia or outside of the USA were affected due to the absence of an external cellular connection.
FCA has also released a statement outlining a separate recall of 2011-2015 Dodge Journey and Fiat Freemont crossover utility vehicles (CUV’s) that were found to feature faulty engine covers.
The 2.4-liter, four-cylinder engines were affected, with engine covers coming loose and posing a fire risk when contact was made with exhaust components. The six-cylinder variants were not affected. FCA estimates 144,416 vehicles are affected in the U.S, with a total of 349,731 affected globally.
Jeep sales soar amidst recalls
the hack of a Jeep Cherokee, FCA announced in a statement that Jeep has achieved a record sales month in the European region, with 8,500 sales across the month.
The brand has seen consistent growth across Europe with the Grand Cherokee, Renegade and Wrangler proving successful.
In the statement FCA said: “In both June and first half, the Jeep brand was the fastest growing brand in the automotive passenger industry (Source: ACEA data).”
Jeep has also recently announced that it is expanding it’s production capacity over the next 18 months with new overseas facilities.