Hackers were successfully able to wreck a Jeep Cherokee from the comfort of their living room via an exploit in the UConnect Infotainment system.
The hackers did end up having to rewrite the firmware so that their malicious code could run, so this in theory is not a “known” vulnerability but goes to show that its possible. It could be easy as exploiting one of the handheld OBD reader devices with malicious code that could update the vehicle software to allow any hacker access. This is something very possible and should not be ruled out as a possible way to breach the UConnect system on a wider scale.
Once the hackers obtained remote access to the vehicle they were able to change the music playing on the car, turned up the AC and eventually killed the transmission and brakes.
Furthermore the hackers turned the windshield wipers on and also displayed an image on the cars digital display of the two hackers causing the chaos. They did all of this while And Greenberg, a writer for Wired, was in the driver seat of the vehicle traveling at 70 MPH. Andy said he pumped the brakes with all of his might trying to bring the SUV to an uncontrollable halt into a ditch.
Luckily, the hackers were only performing this as a test but could easily have been a real world situation. As of now, they are only able to control the steering during reverse but are looking for ways to have control of the wheel when moving forward and once they discover this, the outcome would be catastrophic.
UConnect is enabled on most Chrysler vehicles. The remote hack is only capable on those vehicle with internet connectivity.
Maybe it’s time for us to start thinking about firewalls for our vehicles?