By Larry P. Vellequette, Crain News Service
DETROIT (July 22, 2015) — With little fanfare last week, Fiat Chrysler Automobiles (FCA) released a software update that the auto maker says “offers customers improved vehicle electronic security and communications system enhancements.”
On its face, the announcement seemed innocuous.
Two professional hackers — one of whom had worked for the National Security Agency — had shown they could wirelessly hack into hundreds of thousands of FCA vehicles and remotely take control of them.
As reported in Wired magazine on July 20, and complete with video evidence, hackers Charlie Miller and Chris Valasek were able to take command of an unmodified 2014 Jeep Cherokee while it was being driven on a St. Louis highway by Wired journalist Andy Greenberg.
The hackers did so by exploiting a vulnerability they had discovered in some versions of FCA's Uconnect infotainment system, which connects to the Internet via a cellular data connection through Sprint. The Uconnect system is installed in 2013-14 Chrysler, Dodge, Jeep and Ram vehicles, and the 2015 Chrysler 200, with an 8.4-inch touch screen and Wi-Fi hot spot.
Working via laptop computers from home, the hackers blasted the Cherokee's radio, turned on the wipers and a torrent of washer fluid and eventually shut off the Cherokee's engine while it was traveling on the highway.
Later, in a parking lot, the hackers demonstrated how they could take control of the Cherokee's steering wheel (but only while the transmission was in reverse) and even disable the brakes, sending a helpless Mr. Greenberg — keeping in contact with the hackers via cellphone — into a ditch.