Two professional hackers demonstrated their ability to take command of an unmodified 2014 Jeep Cherokee while it was being driven by Wired journalist Andy Greenberg. They exploited a vulnerability they had discovered in some versions of Fiat Chrysler Automobiles’ Unconnect system, which connects to the internet through a Sprint cellular data connection.
In their demonstration, the hackers:
- blasted the vehicle’s radio
- turned on the wipers and a torrent of washer fluid
- shut off the Cherokee’s engine while it was traveling on the highway
- took control of the Cherokee’s steering wheel while the transmission was in reverse, and
- disabled the brakes.
A portion of the code will be shown at a black hat security conference next month, to convince auto manufacturers that their products are vulnerable.
FCA subsequently released a software update that it says “offers customers improved vehicle electronic security and communications system enhancements.”