Dude, where’s my Jeep? Hackers remotely run SUV off the road
Security experts have exposed a vulnerability in the Chrysler-built Jeep Cherokee's operating system that has allowed hackers to remotely take control of the vehicle and run it off the road.
Revealed by Wired, the vulnerability was exploited to commandeer the vehicle, cut its transmission and brakes, and take control of the steering wheel when the car was in reverse. While the exploit was tested in a somewhat controlled environment, with Wired journalist Andy Greenberg behind the wheel, Charlie Miller, one of the white-hat hackers who found the vulnerability, described the exploit as a "the kind of software bug most likely to kill someone".
The vulnerability exists in Chrysler's UConnect infotainment system, a cellular-driven feature that enables navigation, phone calls and an in-car wireless hotspot. Chrysler issued a patch for the vulnerability last week, but users must manually install it via a USB stick or take their car to a dealership.
Chrysler has confirmed that the issue only affects cars sold in the United Sates.
"Please note, no vehicles in Australia or any other international market outside of the USA were affected by this issue, as it is an American-only system not present in Australian vehicles," said Chrysler.
The researchers behind the attack will present their findings at Black Hat, an annual hacking conference, but will withhold crucial details to prevent the bug from being replicated.
Consumer Director of Trend Micro ANZ Tim Falinksi previously told CyberShack that he's very concerned about anything that can be connected to the internet or the cloud.
"As soon as [the car] starts connecting with satellites and cellular networks, you're giving a hacker the ability to get in," said Falinski.
"The reality these days is that cars are highly computerised. When you push your accelerator down, it's all done via electronic signals. Once [a hacker] gets into your car's computer system, they can change your brakes, accelerate your car, and turn on your indicators."
When a car's communications are open to the world, it becomes a target according to Falinksi.
"The question is what kind of security measures are they going to put in place to stop that happening?"