WIRED magazine article showing hackers can take control of Jeeps’ steering, brakes and transmission prompts 1.4 million vehicle recall by Fiat Chrysler
It sounds like the plot out of a sci-fi thriller.
Hackers “hack” into your car’s computer system and start messing with things – turning on the radio, windshield wipers or air conditioning.
But, then, things take a darker, more dangerous turn: The hackers disable your breaks, your transmission and your steering, leaving you stranded or worse – causing you to drive off the road or crash into other vehicles (or pedestrians) or to be run over by suspecting truckers and other traffic.
Crazy and scary as that may sound, it appears that it could be a reality … at least for the drivers of some vehicles.
The Detroit News, in David Shepardson’s article, “Fiat Chrysler will recall vehicles over hacking worries,” reports:
“Under government pressure, Fiat Chrysler Automobiles NV agreed Friday to recall 1.4 million vehicles that can be cyber-hacked remotely. The first-of-its-kind callback came just days after a magazine report showed hackers could wirelessly take control of some functions of a Jeep Cherokee.”
The Detroit News said the following about the magazine article that appears to have prompted the vehicle recall:
“Hackers for Wired magazine remotely hacked into a 2014 Jeep Cherokee in a real-world test that included disabling the SUV’s engine functions and controlling interior features such as air conditioning, locks and the radio.”
Significantly, the July 21, 2015, WIRED story, “Hacker remotely kill a Jeep on the highway – with me in it,” by Andy Greenberg, describes the reach of the “hack” as affecting much more than the air conditioning, locks and radio:
- “The result of [the “car-hacking research[ers’]”] work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.”
According to The Detroit News, “[t]he recall includes 1.4 million vehicles equipped with 8.4-inch touchscreens including: 2013-15 Dodge Vipers; 2013-15 Ram 1500, 2500 and 3500 pickups; 2013-15 Ram 3500, 4500, 5500 chassis cabs; 2014-15 Jeep Grand Cherokees and Cherokees; 2014-15 Dodge Durangos; 2015 Chrysler 200, Chrysler 300 and Dodge Charger sedans; and 2015 Dodge Challengers.”
Additionally, vehicle owners can go to this website to see if their vehicles are covered by the recall.
Cause for concern
The extent to which vehicle owners should be concerned about their vulnerability to hackers depends on who one listens to.
Fiat Chrysler told The Detroit News:
- “The fix for the recall is a software update for certain radios that could be the subject of hacking.”
- “Of the 1.4 million recalled vehicles, Fiat Chrysler said it eliminated nearly all from hacking concerns earlier this week after its telecommunications provider closed an open port. But it acknowledged that 3 percent of the vehicles could be impacted by short-range wireless communications for owners who subscribe to mobile hotspots. A hacker would need to be within about 100 feet to potentially take control, the automaker said.”
- “Fiat Chrysler told NHTSA that it first learned of a security vulnerability in January from a researcher. The vehicles were open to hacking because a communications port was inadvertently left open and the radio firewalls were open by default. Fiat Chrysler began working on a fix then but did not immediately disclose the issue to NHTSA or the public. Fiat Chrysler said this week its cellular provider remotely closed the communications port that “removes the known risk of long-range remote hacking.”
However, in his WIRED story, Mr. Greenberg explained the following about the “hacking technique” that “lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country”:
- “All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element, which [the car-hacking researchers] won’t identify [yet], Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country.”
- “They’ve only tested their full set of physical hacks, including ones targeting transmission and braking systems, on a Jeep Cherokee, though they believe that most of their attacks could be tweaked to work on any Chrysler vehicle with the vulnerable Uconnect head unit. They have yet to try remotely hacking into other makes and models of cars.”
To get a fuller picture of the security and safety implications that vehicle owners and operators may now face as a result of this car-hacking discovery, I strongly suggest everyone take the time to read the full WIRED story.
Hair-raising as the WIRED story may be, its reporting on the findings from the car-hacking researchers is importantly very eye-opening.
More proof that we’re all going to need to be very brave as we enter yet another of technology’s brave new worlds.
