Hackers Commandeer a Moving Jeep

Two hackers took remote control of a Jeep on a highway, turning on music, windshield wipers, and the air conditioning system. Then they flashed their smiling faces on the display.

It was all staged, of course, by our redoubtable rival, Wired magazine, whose Andy Greenberg knew only that he’d be hacked, not how. In fact, after recovering from the poltergeist-like possession of the Jeep’s peripheral features he got the full treatment: the transmission cut out and he slowed to a crawl. 

Staged or not, it was a genuine demonstration of the point that hackers Charlie Miller and Chris Valasek have been making with such tricks over the years: today’s connected cars are full of holes. More tricks are in store, from them and others, including a hacker-fest which Tesla is sponsoring at a “black hat” hacker’s convention early next month Las Vegas. The goal is to breach the security of a Tesla Model S.

At that convention Miller and Valasek will give details on how they commandeered the Jeep. All they’ve said so far is that they entered it via Chrysler’s Uconnect car communications system, needing to know nothing more than the Jeep’s IP address.

Such systems are typically the weakest point in today’s car. Last year a 14-year-old at a computer summer camp bought $15 worth of parts to build a box that let him hack into a Chevrolet Impala, exploiting General Motors’ Onstar communications system.

Fiat Chrysler, the manufacturer of the Jeep, denounced the pair for describing the exploit, even though the company—after working with the hackers for nine months—has been able to cover this particular hole with a software patch, which it has issued to Jeep owners.

“Unfortunately, Chrysler’s patch must be manually implemented via a USB stick or by a dealership mechanic,” writes Greenberg. “That means many—if not most—of the vulnerable Jeeps will likely stay vulnerable.”