Following successful hack, Fiat Chrysler outs software update to address vulnerability image

Last week, Fiat Chrysler Automobiles initiated a software update that should bring enhanced vehicle electronic security and some communications system improvements.

Looks inconspicuous and would hardly be headline worthy – but the delivery ties with a feat that could rock the entire automotive world. That’s because two former hackers, now turned security gurus, with one also having National Security Agency experience, had demonstrated an incredible achievement. They wirelessly hacked into a FCA vehicle (which means hundreds of thousands were actually vulnerable) and remotely took control of it. Wired magazine reported on Monday, complete with video proof, how hackers Charlie Miller and Chris Valasek took control of a stock 2014 Jeep Cherokee while it was being driven on a highway by a journalist. The cybersecurity experts exploited a vulnerability they found in certain variants of the automaker’s Uconnect infotainment system, which can use the Internet via a cellular data connection through Sprint. The affected system was used by 2013-14 Chrysler, Dodge, Jeep and Ram vehicles, and the 2015 Chrysler 200, with the 8.4-inch touch screen and Wi-Fi hot spot.

The hackers said they would unveil a portion of their code at a Black Hat security conference next month in Las Vegas, protected from attempts of other hackers to exploit the system’s vulnerability but showcasing enough to convince automakers they could easily be targeted. Additionally, they also told FCA about the exploit and worked with the company on a solution – presented five days before the news of the hack was released.

Via Automotive News Europe