2006 Jeep Wrangler Rubicon Automatic 2-door Suv on 2040-cars

Auto blog

Jeep in St. Louis hacked from Pittsburgh

One of America's most popular vehicles contains a security flaw that allows hackers to remotely commandeer it from anywhere on the planet. Cyber-security researchers Chris Valasek and Charlie Miller say they've accessed critical vehicle controls on a 2014 Jeep Cherokee that allowed them to remotely control critical vehicle functions like braking, transmission function, and steering. Automakers have downplayed the possibility a car could be remotely compromised, but the significance of the findings detailed Tuesday could cause them to reevaluate the threats posed to hundreds of thousands of vehicles already on the road. A key finding – the pair needed no physical access to the Jeep to pull off the attack. Valasek and Miller accessed the controls via a security hole in the Sprint cellular connection to Chrysler's UConnect infotainment system. In the course of their research, Valasek sat in his Pittsburgh home and remotely manipulated Miller's Jeep as he drove along a highway outside St. Louis. If you know a car's IP address, they say, a hacker could control it from anywhere. "We didn't add anything, didn't touch it," Valasek told Autoblog. "A customer could drive one of these things off a lot, and they'd have no clue it had these open attack surfaces." Remotely, he disabled brakes, turned the radio volume up, engaged windshield wipers and tampered with the transmission. Further, they could conduct surveillance on the Jeep, measuring its speed and tracking its whereabouts. They conducted the experiments over multiple breaches. They made their findings public on the same day the National Highway Traffic Safety Administration, the federal agency in charge of vehicle safety, released its latest report on the readiness of government and automakers to fend off these sorts of cyber attacks. Later today, two US Senators are expected to introduce legislation that would help consumers better understand the potential risks of car hacking. In the early stages of their research, Valasek and Miller found a security flaw in the car's wi-fi that allowed them to remotely manipulate controls from a range of about three feet. But in recent months, they found another vulnerability in the Sprint cellular connection in the UConnect system. That was a key breakthrough. "Lo and behold, we found we could communicate with this thing using cellular, and then more research, and 'Holy cow,' we're using the Sprint network to communicate with these vehicles," Valasek said.

Total auto recalls already on record pace in 2014

If you've noticed that there have been more recalls than usual this year, you may be on to something. According to a report from the National Highway Traffic Safety Administration, the US market is on pace to break a record for recalls. In 2013, 22 million cars were recalled. We're only a third of the way through 2014, though, and we've already halved that figure, with 11 million units recalled. That's wild.
Considering the past few months, it shouldn't be a surprise that General Motors is leading the charge, with six million of the 11 million units recalled coming from one of the General's four brands. Between truck recalls, CUV recalls and the ignition switch recall, 2014 hasn't been a great year for GM.
Other recall leaders include Nissan (one million Sentra and Altima sedans), Honda (900,000 Odyssey minivans), Toyota (over one million units in a few recalls), Volkswagen (150,000 Passat sedans), Chrysler (644,000 Dodge Durango and Jeep Grand Cherokee SUVs) and most recently, Ford (434,000 units, the bulk of which were early Ford Escape CUVs). So while it's been a bad year for GM so far, its competitors aren't doing too well, either.

Hackers arrested after stealing more than 30 Jeeps in Texas

This article has been updated with details on how the thefts were carried out, and with comments from FCA. It seems the news regarding vehicle hacking continues to get worse, especially when it comes to products from Fiat Chrysler Automobiles. Last year, a Jeep Cherokee in St. Louis, Missouri, was wirelessly hacked from Pittsburgh. Nissan had to shut down its Leaf app because of vulnerabilities. Now, a pair of hackers in Houston, Texas, stole more than 30 Jeeps over a six-month period. The two were arrested by police last Friday while attempting to steal another vehicle. ABC 13 in Houston reports that police had been following Michael Arcee and Jesse Zelay for several months but were unable to catch them in the act until now. The two were using a laptop to connect to and start a vehicle. The thieves were able to access Fiat Chrysler's own DealerCONNECT software. After entering the vehicle identification number, the hackers were able to reprogram the cars' security systems to accept a generic key, according to The Houston Chronicle. Additionally, Automotive News reports that FCA subsequently updated the terms of use for its DealerCONNECT program. These thefts were not related to the UConnect remote hacks from last year. This content is hosted by a third party. To view it, please update your privacy preferences. Manage Settings. In April, this surveillance video showed the theft of a Jeep Wrangler Unlimited. It was this footage that first led the police to Arcee and Zelay. The police began to follow and record the pair. That investigation eventually led to Friday's arrest. Both are charged with unauthorized use of a motor vehicle. In addition, Arcee is charged with felon in possession of a weapon and possession with intent to deliver a controlled substance. According to ABC 13, Homeland Security is investigating more than 100 stolen FCA vehicles that they believe were hacked using this method. After their theft, the vehicles were brought across the border to Mexico. FCA is currently conducting an internal investigation into the matter. After this article was posted, the company reached out to Autoblog, stating "FCA US takes the safety and security of its customers seriously and incorporates security features in its vehicles that help to reduce the risk of unauthorized and unlawful access to vehicle systems and wireless communications. FCA US has been cooperating with Houston Police Department since they first started the investigation.