Remember the duo that managed to hack a 2014 Jeep Cherokee last year? Well they’re back again and the online-security researchers have found a new way to exploit the SUV.
Last year, they found a vulnerability in the Cherokee’s Uconnect system which allowed them to connect to the SUV’s IP address and remotely control the car. They were able to disable the transmission and brakes and even take over the steering but the last maneuver can only be done when the Jeep is in reverse at low speeds. The steering portion of the hack may be scary but it won’t do too much damage since it only works at 5mph. Their discovery prompted Jeep to recall the affected vehicles and patch up the vulnerability.
Now working at Uber’s Advanced Technology Center, Charlie Miller and Chris Valasek found a new exploit for the same 2014 Cherokee and this time the hack will allow them to control the vehicle even if it’s moving at speeds as high as 30mph. This method isn’t exactly remote since it requires the hacker to physically plug in to the OBD-II connector before gaining access to the CAN bus (controller area network). They attack the can make the car accelerate, take sharp turns, change cruise control settings, control steering, and set the parking brake.
But there’s no need to panic. The hack is both time consuming and difficult to perform so the average car thief won’t be able to exploit the same problem. By revealing the vulnerability, Jeep and other car manufacturers can use the information and take pre-emptive action and create a safer system for future models, maybe even fix the problem in current models too.
This could only lead to better security for the Grand Wagoneer when it finally goes on sale.
Hopefully no matter how advanced these vehicles get there's some way to disable its capabilities like this just for safety reasons. Worst case scenario we have to get some tuner to get into the computer settings to make the changes.