A new vulnerability has been found in Chrysler vehicles, according to a recent Wired exclusive report. A group of researchers found that the vulnerability lies in the UConnect system built into the dashboard computers of hundreds of thousands of Fiat Chrysler vehicles made since late 2013.
Two security experts, Chris Valasec and Charlie Miller, highlighted the vulnerability of the security system by attacking a Jeep Cherokee equipped with the UConnect. They discovered that attackers could remotedly locate cars by scanning for devices using the software and easily gain access via UConnect Internet-connected security system available on numerous Fiat Chrysler vehicles.
Valasec is the director of security intelligence for the security company IOActive and Miller is a former staffer at the NSA and currently a security engineer for Twitter. They used just a laptop and mobile phone to access the onboard systems. The hackers scanned Sprint’s cellular network for UConnect equipped vehicles, located the device’s IP from 10 miles away and took control of the vehicle as it was moving along a highway at 70 miles per hour. They could activate the brakes, steering, transmission and entertainment system.
Although it was just a demonstration, according to Miller and Valasec, half a million cars traveling around are potentially hackable.
The good news for Chrysler drivers is that the automaker released an update to its car systems a few months ago. The two experts are now urging Fiat drivers to get the update installed as soon as possible.
Another report shows that the 2015 Cadillac Escalade, 2014 Jeep Cherokee, and 2014 Toyota Prius are the most ‘hackable’ of 20 car models reviewed by the two experts and the 2014 Dodge Viper and 2014 Audi A8 are the least hackable.
Miller and Valasek’s analysis is based only on the technical configurations of different models. The experts didn’t actually remotely hack any of the cars in the report.