2014 Jeep Wrangler Unlimited Sahara on 2040-cars

Auto blog

Jeep in St. Louis hacked from Pittsburgh

One of America's most popular vehicles contains a security flaw that allows hackers to remotely commandeer it from anywhere on the planet. Cyber-security researchers Chris Valasek and Charlie Miller say they've accessed critical vehicle controls on a 2014 Jeep Cherokee that allowed them to remotely control critical vehicle functions like braking, transmission function, and steering. Automakers have downplayed the possibility a car could be remotely compromised, but the significance of the findings detailed Tuesday could cause them to reevaluate the threats posed to hundreds of thousands of vehicles already on the road. A key finding – the pair needed no physical access to the Jeep to pull off the attack. Valasek and Miller accessed the controls via a security hole in the Sprint cellular connection to Chrysler's UConnect infotainment system. In the course of their research, Valasek sat in his Pittsburgh home and remotely manipulated Miller's Jeep as he drove along a highway outside St. Louis. If you know a car's IP address, they say, a hacker could control it from anywhere. "We didn't add anything, didn't touch it," Valasek told Autoblog. "A customer could drive one of these things off a lot, and they'd have no clue it had these open attack surfaces." Remotely, he disabled brakes, turned the radio volume up, engaged windshield wipers and tampered with the transmission. Further, they could conduct surveillance on the Jeep, measuring its speed and tracking its whereabouts. They conducted the experiments over multiple breaches. They made their findings public on the same day the National Highway Traffic Safety Administration, the federal agency in charge of vehicle safety, released its latest report on the readiness of government and automakers to fend off these sorts of cyber attacks. Later today, two US Senators are expected to introduce legislation that would help consumers better understand the potential risks of car hacking. In the early stages of their research, Valasek and Miller found a security flaw in the car's wi-fi that allowed them to remotely manipulate controls from a range of about three feet. But in recent months, they found another vulnerability in the Sprint cellular connection in the UConnect system. That was a key breakthrough. "Lo and behold, we found we could communicate with this thing using cellular, and then more research, and 'Holy cow,' we're using the Sprint network to communicate with these vehicles," Valasek said.

What does Jeep have cooking with this stretched Cherokee?

Chrysler has been spotted testing what appears to be a stretched Jeep Cherokee prototype. Which seems odd, considering that Jeep already makes a Grand Cherokee, and that's an entirely different model. The question then is just what the company has in the works here. We don't know for sure – but we do have some ideas. We're anticipating a new Grand Wagoneer to serve as the brand's flagship model, but stretching the Cherokee's wheelbase to leapfrog the Grand Cherokee's would take more than eight inches – and stretching a "compact" platform to get there wouldn't seem to make a lot of sense. Alternatively Jeep could be looking to wedge a new model into its lineup in between the Cherokee and Grand Cherokee, potentially offering a third row of seats and wearing the Wagoneer name - sans the "Grand" - as part of a new range of seven-seaters. Just what the point would be, however, when the Dodge Durango already offers three rows based on the same platform as the Grand Cherokee, is a bit of a mystery. Another possibility is that it's not a Jeep at all, but rather a Dodge. The brand is in need of a replacement for the current Journey, and we're also waiting to see what FCA does to replace the Grand Cherokee since it unveiled the Chrysler Pacifica to replace the Town and Country. More of a crossover approach could take the Cherokee's Compact US Wide (CUSW) platform as its starting point, but stretched like this prototype to offer more space. Whatever it is, we're sure this won't be the last we'll have seen of it, so watch this space. Related Video:

In Michigan, car hackers could face life imprisonment

Car hackers may not want to mess with vehicles in and around the Motor City. A pair of Michigan lawmakers introduced legislation Thursday that would punish anyone who infiltrates a vehicle's electronic systems with penalties as harsh as life imprisonment. Senate bill 927 says that "a person shall not intentionally access or cause access to be made to an electronic system of a motor vehicle to willfully destroy, damage, impair, alter or gain unauthorized control of the motor vehicle." Offenders will be deemed guilty of a felony, and may be imprisoned for any number of years up to life in prison. The proposed legislation is one of the first attempts nationally to address the consequences for car hacking, which has become a top concern throughout the auto industry. Critics have accused executives of being slow to respond to the threats, which were first known as long as six years ago but gained attention last July when a pair of researchers remotely controlled a Jeep Cherokee. In January, the industry established an Information Sharing and Analysis Center to collectively evaluate security measures and counter breaches. But the Michigan bill isn't noteworthy only because of the life penalty prescribed; it's noteworthy for what's missing in its details. Language in the bill doesn't delineate between independent cyber-security researchers and criminals who intend to inflict harm or havoc. Under its provisions, it's possible Charlie Miller, pictured below, and Chris Valasek, the researchers who demonstrated last summer that the Cherokee could be remotely commandeered and controlled, could face life behind bars. Provisions of the legislation that prevent a person from "altering" the motor vehicle could ensnare car enthusiasts or gearheads who tinker with electronic systems to boost performance, increase fuel efficiency or add aftermarket features. In that context, Senate Bill 927 seems like the latest measure in a running feud between independent researchers, gearheads and big automakers. Car companies don't like third parties poking around their electronic systems and would prefer the researchers not reveal security weaknesses. Researchers, on the other hand, say many carmakers are either slow to fix or unwilling to repair security holes unless they're able to publish their findings.