Experts are urging owners of Fiat Chrysler Automobiles to update their on-board software after hackers took control of a Jeep over the internet and disabled the engine and brakes before crashing it into a ditch.
A security hole in the FCA’s Uconnect internet-enabled software allows hackers to remotely access the car’s systems and take control. Unlike some other cyber-attacks on cars where only the entertainment system is vulnerable, the Uconnect hack affects driving systems from the GPS and windscreen wipers to the steering, brakes and engine control.
The Uconnect system is installed in hundreds of thousands of cars made by the FCA group since late 2013. This allows owners to remotely start the car, unlock doors and flash the headlights using an app.
The hack was demonstrated by two security researchers who had previously demonstrated attacks on a Toyota Prius and a Ford Escape. Using a laptop and a mobile phone, they took control of a Jeep Cherokee whilst it was being driven, demonstrating their ability to control it and eventually forcing it into a ditch.
Unlike the majority of hacking attempts on cars, the vulnerability within the Uconnect system allows cybercriminals to take control of the car remotely, without the need to make physical contact with the car.
The security researchers notified Fiat Chrysler nine months ago, allowing the car manufacturer to release a security update to fix the problem, which it did on 16 July.
However the update requires users to manually update their cars by visiting the manufacturer’s site, downloading a programme on to a flash drive and inserting it into the car’s USB socket. FCA dealers can update the car for owners, but the company is apparently unable to automatically update the cars over the internet.