US hackers take control of a Jeep Cherokee; Australian Jeeps not at risk

JEEP has rushed to assure Australian customers that their cars can’t be hacked after US researchers worked their way into a Cherokee travelling down a highway overnight and killed its engine.

The Cherokee, Jeep’s second-best selling model in Australia, was hacked using a wireless connection only available in models sold in the US. As well as stalling the car, Wired reported that the hackers had also played with air-conditioning settings, tweaked the stereo system, switched on the wipers and sprayed the windscreen with washer fluid – and toyed with the car’s electronic throttle.

The hack was performed by the same pair that two years ago took control of a Ford Escape and Toyota Prius, although the difference this time around is that the hackers’ laptops used a wireless link, and not a cable connected to the car’s electronic brain.

The Jeep Cherokee was identified in the US last year as the car most vulnerable to a hacker attack, prompting a call for vehicles to be fitted with stickers showing star ratings similar to crash safety ones that flag how susceptible they are to electronic intrusion.

2

According to Jeep’s Australian spokesman Andrew Chesterton, the hackers had found a software flaw in the US market-only Cherokee’s Uconnect system – US buyers have the option of buying the car with a pre-installed mobile phone-style SIM card that keeps the vehicle connected to the internet without needing to piggyback off a smartphone connection.

He said the system was not sold outside the US, and was patched as part of a July 16 software update to the vehicle.

“Our vehicles (sold in Australia) do not have that technology, and in fact nor does any other vehicle sold outside the US,” Chesterton said.

The revelation that the Jeep Cherokee was vulnerable to remote attacks comes as the US government moves to officially outlaw hacking a vehicle.

A proposed bill before the senate calls on the US road safety watchdog, the National Highway Safety and Transport Administration, to set new standards that protect drivers from digital attacks.