By KYW Tech Editor Ian Bush
PHILADELPHIA (CBS) — This is a software update that you shouldn’t ignore. Chrysler is patching a security flaw after a report found hundreds of thousands of vehicles potentially vulnerable to a remote takeover attack.
The fix is for cars, trucks, and SUVs that use Chrysler’s Uconnect feature, an Internet-connected dashboard system. While the automaker says it’s to ‘improve electronic security’ the reality is much starker.
Wired reporter Andy Greenberg says the flaw “…would allow someone to take over its steering, its transmission, and even its brakes.” But it’s not just talk.
He gets behind the wheel of a Jeep as security researchers Charlie Miller and Chris Valasek take control of the Cherokee with a couple of laptops from miles away. First, screwing with the air conditioning; next, displaying a picture on the center stack screen; then…
Miller: “Do it — kill it! Kill the engine!”
Valasek: “So we’re killing the engine right now!”
Greenberg: “I stomped on the gas, but the Jeep slowed to a crawl.”
In a video on Wired.com, they show how the Jeep’s steering, speedometer, brakes, and locks can fall under a hacker’s control. The windshield gets sprayed with washer fluid, and the engine shuts down — all without Greenberg doing a thing.
“Below a certain speed, they can control the Jeep’s steering, as long as it’s in reverse; pop its locks; mess with the speedometer; and, of course, disable the brakes,” Greenberg says.
Hundreds of thousands of Fiat Chrysler-made vehicles could be vulnerable. The automaker has issued a patch which it says is to ‘improve electronic security’ — but drivers have to download and install it manually or have a dealer do it.
Fiat Chrysler issued a statement, saying the auto maker has a dedicated team that focuses on developing cyber-security standards for all their vehicles, include remote services.
The company says the update improves the electronic security and communications systems for their vehicles. They compared software in vehicles to the software found in a smart phone or tablet, and directed customers who have any questions about installing the update to call their Vehicle Care service at 1-877-855-8400.