Remote Control: Why Your Car May Be Vulnerable to Hackers
A Jeep Cherokee hack has led to the recall of 1.4 million Fiat Chrysler vehicles
You’re driving down the highway when suddenly you lose control of the steering, or worse, your engine shuts down. Instead of a malfunction, the problem could be a hacker.
It sounds like the stuff of science fiction, but officials at Fiat Chrysler Automobiles say it’s already happened. The perpetrators weren’t malicious hackers but two technology researchers working with Wired magazine who remotely infiltrated a 2014 Jeep Cherokee. They were able to take control of key systems — shutting off the engine while the car was in motion, disabling the brakes and even overriding the steering. The hackers also manipulated the radio volume and air conditioning fans and made the speedometer give false readings.
The feat sent shockwaves through the auto industry and government.
According to Fiat Chrysler, some 1.4 million Jeep, Dodge and Chrysler vehicles model year 2013 and newer (see complete list below) on the road today may be vulnerable to hacking. The company has launched a massive voluntary recall of these vehicles to plug software holes. It plans to send owners a USB device containing a software patch that will allow them to plug the security hole in their vehicle’s communication system.
Uconnect, an Internet-connected computer in the cars, seems to be the culprit, according to Wired. It controls the vehicles’ entertainment and navigation system, enables phone calls and more. If a hacker gets the car computer’s IP address, he can use an Internet connection to acquire control of key systems from anywhere in the country.
The auto maker meanwhile has added network level security to prevent any attempts to access a vehicle’s Uconnect system, according to Wired and the New York Times.
Various experts say the risk to drivers is negligible as they wait for the software update. Even so, the recall has raised alarms among industry and government officials, who plan to determine the extent to which our modern-day computer-dependent, network-connected cars and trucks are at risk from hackers, according to a Detroit News story Friday.
The recall also gained the attention of lawmakers. Ed Markey, Democratic U.S. Senator from Massachusetts, told the newspaper that the NHTSA need to look at other auto manufacturers’ software to ensure that other vehicles aren’t also at risk from hackers.
“There are no assurances that these vehicles are the only ones that are this unprotected from cyber attack. A safe and fully-equipped vehicle should be one that is equipped to protect drivers from hackers and thieves. Both automakers and NHTSA should be immediately taking steps to verify that other similar vulnerabilities do not exist in other models that are on the road,” Markey told Detroit News.
Congressional lawmakers have already begun taking action to ensure cars are hardened against hacking. A new bill introduced in the U.S. Senate last week would set minimum cybersecurity standards for automobiles, the NY Times reports. If passed, the law “would require cars to be designed with certain security principles, such as isolating physical components from Internet connections and including features that detect and block attacks.”
If you own a recent-model Fiat Chrysler vehicle you can input your Vehicle Identification Number (VIN) here to determine whether your vehicle is included in the recall.
The recall includes the following vehicles equipped with a 8.4-inch touchscreen device:
- 2013-15 Dodge Vipers
- 2013-15 Ram 1500, 2500 and 3500 pickups
- 2013-15 Ram 3500, 4500, 5500 chassis cabs
- 2014-15 Jeep Grand Cherokees and Cherokees
- 2014-15 Dodge Durangos
- 2015 Chrysler 200, Chrysler 300 and Dodge Charger sedans
- 2015 Dodge Challengers