Chrysler's Uconnect Vulnerability Can Lead to Steering Wheel Hijack

By CIOReview | Thursday, July 23, 2015

FREMONT, CA: A team of two researchers revealed the vulnerability of Chrysler vehicles to cyber attacks, reports Andy Greenberg for Wired who was a part of the vulnerability test.

Uconnect is an Internet-connected computer feature present in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks. It controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. By using Uconnect, anyone who knows the car’s IP address can access all its information from anywhere, reported Jason for Jalopnik.

To remotely hack Jeep Cheroke, the researchers used the Uconnect system as a gateway into the car to gain access to the Jeep’s infotainment system headunit. On reaching the headunit, they re-wrote it and got access to the entire CAN bus of the car essentially, the car’s nervous system. They used the access to do stuffs, like control of the wipers, brakes, throttle and even some limited control of the steering.

“That’s how they were able to wirelessly disconnect the Jeep’s engine with me behind the wheel, and later disable the brakes to send me rolling into a ditch,” reported Greenberg.

With the advancement in technology, more and more cars became connected to the internet that exposes them to hacking and unwanted access. Wireless connectivity has added fuel to this fire by enabling hackers to easily get hold of the vehicle’s infotainment system. The major reason for Chrysler being vulnerable to hacking is the inherent flaw in its wireless service Uconnect that connects their cars to the Sprint cellphone network.

The two researchers have shared their findings with Chrysler before they published their report, giving Chrysler the chance to better vehicle security. They have been working with Chrysler for the last nine months to help the company create the patch it discreetly. The researchers have reported that the Chrysler models dated from late 2013 to early 2015 that are loaded with Uconnect and the full navigation displays are mostly vulnerable.

Chrysler released a software update for a collection of its vehicles that have an internet-connected computer feature in their dashboard known as Uconnect. The carmaker posted a notice on its website informing its customers about a “software update to improve vehicle electronic security,” reported Wired.