A flaw in several Chrysler models lets hackers remotely control them over the Internet, posing an unprecedented danger for American drivers. Hackers can cut the brakes, shut down the engine, drive it off the road, or make all the electronics go haywire. Jeep Cherokees, Chrysler 200s, Dodge Rams, and several other vehicles are vulnerable to such attacks, according to research revealed Tuesday. The core problem? A flaw in the wireless service Uconnect that connects these cars to the Sprint cellphone network.
The researchers, Charlie Miller and Chris Valasek, first demonstrated the hack to Wired Magazine by remotely hijacking a Jeep Cherokee driven by a news reporter.
“Right now I could do that to every [Chrysler] car in the United States on the Sprint network,” Miller told CNNMoney on Tuesday.
The researchers have concluded that the vulnerable Chrysler models are those from late 2013, all of 2014 and early 2015 that are loaded with Uconnect and the full navigation displays.
But Miller said there could be other vehicles with this weakness that he isn’t aware of. The researchers did not test any cars made by Ford, General Motors or others — but only because they’re a tiny team that lacks the funding to keep buying cars and the time to break into them.
Chrysler acknowledged the problem to CNNMoney on Tuesday. Chrysler said it left an unused computer communication channel open that unknowingly granted outside access to car controls. It is now offering a software upgrade that it says customers should install “at their earliest convenience.”
But Chrysler didn’t refer to this as a recall — or say drivers are at risk.
“Similar to a smartphone or tablet, vehicle software can require updates for improved security protection,” the company said.
Miller and Valasek said they presented their research to Chrysler last October, allowing the company develop a fix. Miller said the company had been “very kind and responsive.”
Written by Jose Pagliery