Chrysler gave a thumbs up to allow Wired magazine to retain 2 hackers, and see if they could access a Jeep remotely. The two hackers, Charlie Miller and Chris Valase, did. Miller and Valase were able to access and control the Jeep’s UConnect digital system.
With just internet access established, first the air conditioner in the vehicle was cranked to full blast. Now for some tunes. Enter hip hop music blasting through the car's sound system. When the Wired reporter in the car, Andy Greenberg, tried to use the control knob to turn down the volume, nothing happened. Nor did his hitting the power button turn off the music. Miller and Valase then remotely turned on the windshield wipers.
Experiment concluded, Chrysler was swift to act. First they issued a software patch blocking remote access to radios on their system. Chrysler will send car owners a USB device that will upgrade vehicle software or, they can visit a dedicated website for information and determining if their particular vehicle is affected in the newly discovered security vulnerability.
According to Chrysler, "On July 22, 2015, access to the previously open port on the radio was remotely closed by the cellular provider, immediately eliminating any risk of longrange, illegal and unauthorized remote 'hacking.”
Chrysler is now effecting a voluntary recall involving 1.4 million cars "out of an abundance of caution" after the Wired experiment. The recall is not from a safety issue, but rather is the first of its kind for an auto manufacturer: cyber security.
The recall is the first ever issued due to car system hacking. It’s not the brakes, it's not a faulty hose, it’s not even the computer in the car. This is a serious step by Chrysler to address remote vehicle hacking.
Chrysler's Jeep is not the first vehicle to be used in a demonstration to show “smart car”
vulnerabilities. The same two hackers, and the same writer, did a similar hack in a 2013 article for Forbes. The cars used for that experiment were a a Ford Escape and a Toyota Prius.
Additionally, numerous ways to hack keyless locking and engine systems have been documented since the introduction of the technology. As auto manufacturing has moved into designing cars with both the mechanical machinery required for a vehicle to operate and computer based navigation, controls, and even microchip brains in numerous systems, they now recognize the need to adapt security for the computer elements common in all smart cars.
Chrysler is the the first auto maker to take a car hack so seriously. These type of hacks are actually quite difficult to execute, and require the skill of experienced programmers. The risk of having your car engage its engine, play music and drive around the block via remote access of an unauthorized party is extremely rare.
It is prudent, however, and to be commended, that Chrysler responded to the hack with a voluntary recall. The National Highway Traffic Safety Administration, which oversees car recalls, approves, and sees this particular recall as setting an important precedent when it comes to computer security in vehicles.