Customers driving cars manufactured by Fiat Chrysler should get their vehicles back to their local dealers as soon as possible to receive a very important software patch.
Uconnect, the Internet-connected platform of Fiat Chrysler that brings navigation and entertainment features to its cars, was discovered to contain a massive security issue which allowed hackers to take control over a Jeep Cherokee.
The hackers gained access to a variety of controls in the vehicle. They were able to blast cold air through the vents of the vehicle, blare hip-hop music through its speakers, spray windshield wiper fluid and even showed up on the Jeep Cherokee's dashboard display system. Afterwards, the SUV was disabled by the hackers, leaving the vehicle stranded on the side of a highway.
It was fortunate that the hackers were security researchers, and that the driver of the hacked Jeep Cherokee was a reporter from news website Wired.
The problem is on a vulnerability that allows hackers to remotely connect to a vehicle using cellular connections and then rewrite firmware contained within the car's systems to be able to take control of physical parts such as the driving wheel and engine.
The two security researchers, Charlie Miller and Chris Valasek, are planning to publish a part of the exploit that they created at the Black Hat security conference in August to be reviewed by their peers, as well as send a message.
"Cars should be secure," Miller said. "If consumers don't realize this is an issue, they should, and they should start complaining to carmakers."
Customers should also be able to update the software found in their vehicles on their own, to avoid having to take their cars to the dealers every time a software update is released.
Miller and Valasek have been working on car hacks for years, but the vulnerability that they found with Uconnect is the most alarming on by far. The two researchers were surprised with the scope of possibilities for the attack, as they were able to hack into the Jeep Cherokee over the Internet while over ten miles away. Previously, they were only able to gain control of a vehicle by hacking into its systems using a laptop connected by a cable to the moving car.
With the recent advancements on in-car navigation and entertainment technology, it is very likely that other systems found in cars manufactured by other companies carry similar vulnerabilities. As such, security researchers and lawmakers are looking to push forward stricter regulation for the security of Internet-connected cars.