2014 Jeep Cherokee Latitude on 2040-cars

Auto blog

Jeep in St. Louis hacked from Pittsburgh

One of America's most popular vehicles contains a security flaw that allows hackers to remotely commandeer it from anywhere on the planet. Cyber-security researchers Chris Valasek and Charlie Miller say they've accessed critical vehicle controls on a 2014 Jeep Cherokee that allowed them to remotely control critical vehicle functions like braking, transmission function, and steering. Automakers have downplayed the possibility a car could be remotely compromised, but the significance of the findings detailed Tuesday could cause them to reevaluate the threats posed to hundreds of thousands of vehicles already on the road. A key finding – the pair needed no physical access to the Jeep to pull off the attack. Valasek and Miller accessed the controls via a security hole in the Sprint cellular connection to Chrysler's UConnect infotainment system. In the course of their research, Valasek sat in his Pittsburgh home and remotely manipulated Miller's Jeep as he drove along a highway outside St. Louis. If you know a car's IP address, they say, a hacker could control it from anywhere. "We didn't add anything, didn't touch it," Valasek told Autoblog. "A customer could drive one of these things off a lot, and they'd have no clue it had these open attack surfaces." Remotely, he disabled brakes, turned the radio volume up, engaged windshield wipers and tampered with the transmission. Further, they could conduct surveillance on the Jeep, measuring its speed and tracking its whereabouts. They conducted the experiments over multiple breaches. They made their findings public on the same day the National Highway Traffic Safety Administration, the federal agency in charge of vehicle safety, released its latest report on the readiness of government and automakers to fend off these sorts of cyber attacks. Later today, two US Senators are expected to introduce legislation that would help consumers better understand the potential risks of car hacking. In the early stages of their research, Valasek and Miller found a security flaw in the car's wi-fi that allowed them to remotely manipulate controls from a range of about three feet. But in recent months, they found another vulnerability in the Sprint cellular connection in the UConnect system. That was a key breakthrough. "Lo and behold, we found we could communicate with this thing using cellular, and then more research, and 'Holy cow,' we're using the Sprint network to communicate with these vehicles," Valasek said.

Supplier says Jeep Cherokee hack only affects FCA cars

Harman doesn't think that drivers need to worry about any further hacks of its products. The company supplies FCA's Uconnect infotainment system where a software vulnerability is responsible for a 1.4-million vehicle recall. "This experimental hack is unique to Chrysler," Harman CEO Dinesh Paliwal said to Automotive News. "This does not exist, to our assessment, in any other vehicle." The reason that the company wouldn't be involved is that automakers aren't simply plugging in the existing infotainment systems into new vehicles. According to Paliwal, Harman supplies the unit, but FCA and other automakers are able to make additional modifications for their vehicles. The National Highway Traffic Safety Administration has also recently taken up the question of broader software vulnerabilities in Harman's products. On July 29, the agency began investigating the company to check for similarities between Uconnect and the infotainment systems supplied to other automakers. The Jeep hack became national news when two researchers were remotely able to take control of a Cherokee. The vulnerability in the cellular connection even gave control over the brakes. "Once people get in the car and get into the CAN bus, then you can start to mimic and mess up many, many things in the car," Paliwal said to Automotive News. Politicians immediately responded with legislation to create federal standards in hopes of protecting drivers better. NHTSA also opened an investigation to make sure the automaker's software update actually solved the problem. Related Video:

FCA recalls 1.1 million vehicles worldwide due to confusing shifter

Fiat Chrysler is recalling 1.1 million vehicles worldwide to address the problematic shifter used on cars with eight-speed automatic transmissions. The issue is that the console-mounted shifter acts like a rocker switch and always returns to the middle position after moved. This has been deemed confusing to drivers – confusing enough to cause some to exit their vehicles without first selecting Park and leading to the car rolling away. FCA says 41 injuries are related to the shifter problem, and no evidence of equipment failure has been found. The company will enhance warning chimes and alter the shift strategy, meaning alert messages will be displayed in case the driver door is opened while the engine is running. With the door open, the transmission will prevent the car from moving even if Park is not selected. The affected vehicles are certain model-year 2012–2014 Dodge Charger and Chrysler 300 sedans, as well as model-year 2014–2015 Jeep Grand Cherokee SUVs, an estimated 811,586 US vehicles in total. The recall also affects 52,144 vehicles in Canada, 16,805 in Mexico, and 248,667 vehicles elsewhere. The shifter is used with ZF-designed and ZF-built eight-speed automatic; Audi uses a similar shifter setup in some of its vehicles, including the current-generation, which predated Chrysler's use of it. Chrysler uses a different, a rotating-dial-type shifter on eight-speed-equipped Rams. The company moved away from the problem shifter design in 2015 for the Charger and 300, and the Grand Cherokee's shift lever was modified for 2016. Owners of affected vehicles will be notified of the recall when service is available. Fiat Chrysler urges customers to follow the instructions in the vehicle's owner's manual in the meantime. Related Video: News Source: FCAImage Credit: AOL Recalls Chrysler Dodge Jeep RAM Ownership Safety SUV Sedan