Chrysler vehicles susceptible to cyber-attacks - KCTV5 News

Chrysler vehicles susceptible to cyber-attacks

Posted: Updated:
Hackers can disable brakes, shut down the engine, make electronics go haywire and even drive the cars off the road in Jeep Cherokees, Chrysler 200s, Dodge Rams and other models made since late 2013. (Source: Fiat Chrysler/CNN) Hackers can disable brakes, shut down the engine, make electronics go haywire and even drive the cars off the road in Jeep Cherokees, Chrysler 200s, Dodge Rams and other models made since late 2013. (Source: Fiat Chrysler/CNN)

A flaw in several Chrysler models lets hackers remotely control them over the Internet, posing an unprecedented danger for American drivers, and a company with a huge corporate headquarters in Kansas City may be partly to blame.

Charlie Miller and Chris Valasek, a pair of researchers, discovered they could do this to newer Chrysler vehicles that are connected to Sprint’s cellphone network.

Hackers can cut the brakes, shut down the engine, drive it off the road, or make all the electronics go haywire.

Jeep Cherokees, Chrysler 200s, Dodge Rams, and several other vehicles are vulnerable to such attacks, according to research revealed Tuesday.

The core problem? A flaw in the wireless service Uconnect that connects these cars to the Sprint cellphone network.

The researchers, Charlie Miller and Chris Valasek, first demonstrated the hack to Wired Magazine by remotely hijacking a Jeep Cherokee driven by a news reporter.

"Right now I could do that to every [Chrysler] car in the United States on the Sprint network," Miller said.

The researchers have concluded that the vulnerable Chrysler models are those from late 2013, all of 2014 and early 2015 that are loaded with Uconnect and the full navigation displays.

But Miller said there could be other vehicles with this weakness that he isn't aware of. The researchers did not test any cars made by Ford, General Motors or others - but only because they're a tiny team that lacks the funding to keep buying cars and the time to break into them.

Chrysler acknowledged the problem on Tuesday. Chrysler said it left an unused computer communication channel open that unknowingly granted outside access to car controls. It is now offering a software upgrade that it says customers should install "at their earliest convenience."

But Chrysler didn't refer to this as a recall or say drivers are at risk.

"Similar to a smartphone or tablet, vehicle software can require updates for improved security protection," the company said.

Miller and Valasek said they presented their research to Chrysler last October, allowing the company develop a fix. Miller said the company had been "very kind and responsive."

Modern day cars are smartphones on wheels - and just like any computer, vulnerable to hackers. 

In 2013, Miller and Valasek demonstrated how they could hack a car while sitting inside it. At the time, they had to physically connect a laptop to a car's dashboard.

Wireless connectivity - now standard in nearly every car - has upped the risk.

In this latest experiment, Miller and Valasek used a laptop to scan for any cars on the Sprint network that also use Uconnect.

In seconds, these researchers can tap into any car's "infotainment system." They can turn off the air conditioner, blast the radio volume, and change the navigation screen.

Once inside, they can then penetrate what's supposed to be a guarded layer: the computer backbone of the car. They can control the brakes, steering wheel and accelerator.

In the past, auto suppliers and car makers have assured this crossover - from infotainment to core controls - was impossible.

The researchers noted that Sprint, as the network operator, is also in the position to block this kind of attack. Sprint did not say whether it would do that on its own, but the company said it is "working with Chrysler to help them secure their vehicles."

On Tuesday, two U.S. senators introduced legislation to establish national safety and privacy standards for automobiles - and a rating system that tells you how safe a car is from cyberattacks.

Senators Edward Markey, of Massachusetts, and Richard Blumenthal, of Connecticut, call it the Security and Privacy in Your Car Act.

Next month, Miller and Valasek will reveal exactly how they hacked into the infotainment system, though not how they hijacked car controls.

Miller noted that it took him and his buddy nearly a year to figure this out. That should keep your average punk from figuring out how to do this - but only for a short while.

"It shouldn't be possible," Miller said. "I'm scared because you should not be able to attack cars remotely like this."

Copyright 2015 KCTV (Meredith Corp.) and CNN. All rights reserved.

Powered by Frankly
KCTV 5 News

Online Public File:

Powered by WorldNow CNN
All content © 2018, KCTV; Kansas City, MO. (A Meredith Corporation Station) . All Rights Reserved.
For more information on this site, please read our Privacy Policy, and Terms of Service, and Ad Choices.