Cyber security researchers Chris Valasek and Charlie Miller demonstrated that they can access to in-vehicle UConnect system over the internet and can control not just of the radio, A/C, and vehicle navigation system but also car’s engine, brakes and steering.
UConnect connects to the internet via mobile network or Wi-Fi “hot-spot” and is integrated with features like navigation, entertainment, control and voice command systems. These numerous features on UConnect allows one to access his favourite playlist on MP3 & USB or make a call or ask for direction to a certain address with simple voice commands. In simple words, UConnect works on Bluetooth technology, which enables different electronic devices to connect each other wirelessly.
The Chris Valasek and Charlie Miller have been researching car hacks for past few years. They teamed up with Wired’s Andy Greenberg ((Wired Magazine reporter) to demonstrate the vulnerability of UConnect which allows them to rewrite the firmware in the car’s chip so that they can control engine and wheel.
In actual drill, while Andy was driving a 2014 Jeep Cherokee on a Missouri highway, Charlie and Chris hacked into UConnect and managed to control radio station, changed A/C settings and windshield wipers turned on. They wirelessly disconnected the jeep’s engine, deactivated the brakes and took the full control of steering and allow the jeep to roll into a ditch. The outcomes of this drill are by far more alarming and surprising to many major automobile players spending millions of dollars to develop driverless cars. There is a possibility that such hacking incidents could happen with these cars softwares as well.
Both researchers, Chris Valasek and Charlie Miller worked with Chrysler from the past nine months to create a patch which is designed to prevent such attacks on Fiat Chrysler’s UConnect system. Last week, Chrysler released statement on its website regarding software update for UConnect with a patch designed to prevent such attacks in future. Chris and Charlie will present their findings at Black Hat Conference next month.
This severe security flaw assumed to affect every Chrysler vehicle with UConnect produced from 2013 to till date. UConnect is available on several current and was available on several discontinued Chrysler models including the current Dodge Dart, Chrysler 300, Aspen, Sebring, Town and Country, Dodge Avenger, Caliber, Grand Caravan, Challenger, Charger, Journey and Ram.
So if you own one of those Chrysler cars, better hurry to your dealership and get a software patch done.