Can Hackers Hijack My Car?

Two older people freaking out in a car
Photo: Carl Smith / Getty

No matter what the device, If it has some kind of CPU in it, or is connected to the Internet, chances are someone has tried and possibly succeeded in hacking  it. Washing machines, pacemakers, road signs, nothing seems to be off limits.

Probably one of the scariest hacks that was previously thought to only work in the movies was hacking a car remotely. This was thought to be the domain of techno-thriller hacker fiction until a recent article in Wired featured a proof-of-concept remote car hijacking attack against a car that was being driven by a reporter who was writing a story on the topic.

Andy Greenberg of Wired, had the Jeep Cherokee that he was driving intentionally hacked by two car hacking researchers, in order to show that car-hacking is real and a really scary thing.

The hackers were able to take wireless control (via the Internet) over many of the car’s systems, from climate control to entertainment, steering, brakes, transmission, etc. Yes, you read that right, they basically had complete remote control over the car.

During the experiment, the hackers demonstrated their ability to control the steering wheel, disable the brakes, jerk the seat belt, and many other things that both distracted and terrified the reporter who’s car, for all intents and purposes, was under their complete and total control. The driver had become a passenger who just happened to be sitting in the driver's seat.

This is pretty much everyone’s nightmare scenario.

This hack was partly made possible by Fiat Chrysler’s Internet connected “Uconnect” feature, which acts as the smarts behind the vehicle’s entertainment, navigation, and other "connected" features. This system acted as the entry point by which the hacker researchers were able to remotely access and take control of the vehicle. The hackers were able to exploit a vulnerability in the system and gain remote access.

So the big question is:

Is My Car Vulnerable to This Hijacking Hack?

If you own a 2013 – 2015 Chrysler vehicle that features the Uconnect package, your car may be vulnerable to the type of hack mentioned in the Wired article. Although the actual vulnerability was proved to work on a Jeep Cherokee, the researchers believe that their exploit could be tweaked to work on any model of Chrysler that featured the vulnerable Uconnect system.

Chrysler recently released this list of vehicles that might be affected by the issue:

  • 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
  • 2014-2015 Dodge Durango SUVs
  • 2015 Dodge Challenger Sport Coupes
  • 2013-2015 Ram 1500, 2500, and 2500 Pickups
  • 2013-2015 Ram 3500, 4500, and 5500 Chassis Cabs
  • 2015 MY Chrysler 200, Chrysler 300  and Dodge Charger Sedans
  • 2013-2015 MY Dodge Viper Specialty Vehicles

If my Car is Vulnerable to The Hack,  How do I Fix it or Have it Fixed?

Best Option - Take it to a Dealer

Your best option is to take your vehicle to a Chrysler dealer and let them perform the actual fix. Shortly after the Wired article Chrysler issued a formal recall of 1.4 million vehicles that might be affected by this newly discovered vulnerability. Chrysler also recently stated that they are taking action to address the issue at the network level, which would amount to blocking the attack on the Sprint network used by the Uconnect system.

Visit Chrysler’s website and look at the recalls section to determine if your vehicle might be affected or not.

Second Option - Do it Yourself

Probably a bit risky to try to tackle this problem yourself but, If you opt to Do-it-yourself, you can visit the Chrysler website and download the fix to a USB drive and attempt to install it yourself. I would recommend letting the dealer install it if at all possible as they will be sure to check and make sure all changes take effect and that the patch is correctly applied.