Las Vegas – Earlier this week during the annual Black Hat Briefings conference in Las Vegas, Nevada, a pair of hackers demonstrated a new method that enables them to take control over a 2014 Jeep Cherokee.
The hack comes at the hands of those responsible for the scandalous remote hijacking of Chrysler’s Uconnect in-car system back in July 2015. Charlie Miller and Chris Valasek did it again, although this time they needed direct access to the car instead of doing it remotely.
The tech experts showed how to exploit the virtual vulnerability of the Jeep Cherokee’s computer by hooking up a laptop directly to a port under the dashboard.
The connection allows them to interfere with the original signals coming from the car’s computer, sending their own commands instead taking over the vehicle’s functions.
The hackers need physical access to the vehicle to hijack the system
With this new hacking method, hackers can potentially override local computer commands in the car and severely threaten the driver and the passenger’s safety.
In the demonstration, Miller and Valasek explained how it was possible to send different signals to deactivate the brakes and the manual control of the steering wheel, going as far as driving the vehicle themselves using a laptop.
The acceleration system is vulnerable by using their latest technique. Miller and Valasek can quickly pump the gas before the driver realizes what is happening.
Also, cruise control mode on the Jeep Cherokee gives them nearly full control over the car, but like other assisted driving software, the driver can still control the vehicle and avoid dangerous maneuvers.
In spite of the fact that drivers could stop the hack threatening to take control over their cars, it remains a disturbing discovery in automotive security for the multinational automaker.
Chrysler is having a hard time making the Jeep Cherokee safe
Last year, the Black Hat Summit’s main event also starred a Chrysler Jeep. A group of hackers exploited a bug at the vehicle’s Uconnect program and took complete control over it remotely.
The discovery caused controversy and outrage among car owners who blatantly admired how their cars were remotely compromised by the actions of two guys on a computer.
Although Chrysler first claimed that “no defect” was found on their vehicles, the parent company of Jeep and Dodge ultimately saw themselves forced to issue a security patch and offer a recall of nearly 1.4 million vulnerable models.
Fiat Chrysler to recall 1.4 million vehicles over hacking #infosec #telematics #uconnecthack http://t.co/HIwTtfPLLK
— waxspeaks (@waxspeaks) July 28, 2015
Chrysler responded by issuing a statement dismissing the achievement, as it was not performed remotely like the first time around and, therefore, it poses no threat to most of their vehicles.
Charlie Miller and Chris Valasek currently work at Uber’s Advanced Technology Center, and they have stated that this would be their last venture into the field of car hacking.
Source: Wired
