Connected cars mean hackable cars. It’s just a unfortunate that, for whatever reason, it’s the Jeeps that have the weakest electronic barriers.
In the United States, a report has surfaced stating that two suspects have been arrested for stealing over 100 vehicles in the areas of Houston, Texas. The cars involved in this spree of theft were all Jeeps and Dodges (but mostly Jeeps). Namely, the Cherokee and Wrangler.
The means by which the duo stole the cars is even more interesting as they only used simple equipment and, crucially, a laptop. Essentially, they hacked into the vehicle, were able to start it up, and drive across the border into Mexico.
Fiat Chrysler Automobiles say that they are fully cooperating with authorities on the matter. The preliminary investigations deduce that the two thieves had obtained ‘pirated’ special software reserved authorised for use only by dealers, service centres and certified locksmiths to essentially reprogram the car’s on-board computer to accept a new key fob.
This allowed them to just walk up to a target vehicle as if they were in possession of the actual key, start it up, and drive it off without any resistance or fuss. Astounding.
Pirated or otherwise, the more alarming issue this raises is the accessibility of this software to unscrupulous individuals with criminal intent – software capable enough to cripple any security countermeasures the car might have against theft since, as far as the car is aware, it’s the owner who is driving it across the border.
Separately, the same two hackers who last year publicly came forward to expose vulnerabilities in the Jeep UConnect infotainment and navigation system, and who are now working for Uber’s Advanced Technology Centre, have announced they have a infiltrated the Jeep system yet again to allow more pervasive outside control of the vehicle.
After the two cybersecurity researchers, Charlie Miller and Chris Valasek, revealed their method of remotely disabling a Jeep Cherokee as it was going along a highway on an expose by WIRED, FCA released a software patch to cover up the vulnerability they exploited which, among other things, allowed them to disable the Cherokee’s brakes, engine, and transmission as well as, in certain situations, control the steering.
Miller and Valasek’s new hack (which should be noted was performed on a Jeep with an older version of vehicle firmware) does not involve remote access and is instead executed through the car’s standard OBD diagnostics port.
Once they port was theirs, though, they were able to rewrite certain portions of the car’s ECU and disable certain safety protocols that would allow them to steer the car through the computer at any speed as well as engage/disengage the parking brake and manipulate the cruise control settings.
For more on Jeep vehicles, including pricing and specifications, check out our Showroom.
