Bad news: your 2013 or newer Jeep Cherokee may be vulnerable to a cyber attack.
Good news: Fiat Chrysler is aware of the problem and has created a downloadable fix to prevent an attack.
A recent video report by Wired shows how hackers can compromise a Jeep Cherokee remotely through its UConnect infotainment system. In the video, cyber security researchers Charlie Miller and Chris Valasek are able to essentially take over a 2014 Cherokee as Wired Senior Writer Andy Greenberg drives on a busy highway. The duo is able to take over the radio, ventilation system, and even kill the engine. Miller and Valasek say they are also able to remotely control braking, steering, and transmission function.
The purpose of this demonstration–and other demonstrations by Miller and Valasek–is to make people aware of the potential hacking risks with newer vehicles. They’ve presented their findings to the National Highway Traffic Safety Administration in hopes of fending off these sorts of attacks. They also alerted Fiat Chrysler back in October so it could create a fix for the problem. Chrysler customers can either download and install an update to UConnect or ask their local dealership to install the updated UConnect version.
“The company takes this matter seriously and works to protect our customers and products from security and safety risks,” a Chrysler spokesperson said in a written statement. “Indeed, the company monitors and tests the information systems of all its products to identify and eliminate vulnerabilities in the ordinary course of business.”
Chrysler said the updated software is available not just for the 2014 Cherokee, but also for the 2013-14 Viper, 2014 Durango, 2013-14 Grand Cherokee, 2013-14 Ram 1500, 2500, and 3500 pickups.