2014 Jeep Grand Cherokee on 2040-cars

Auto blog

Jeep in St. Louis hacked from Pittsburgh

One of America's most popular vehicles contains a security flaw that allows hackers to remotely commandeer it from anywhere on the planet. Cyber-security researchers Chris Valasek and Charlie Miller say they've accessed critical vehicle controls on a 2014 Jeep Cherokee that allowed them to remotely control critical vehicle functions like braking, transmission function, and steering. Automakers have downplayed the possibility a car could be remotely compromised, but the significance of the findings detailed Tuesday could cause them to reevaluate the threats posed to hundreds of thousands of vehicles already on the road. A key finding – the pair needed no physical access to the Jeep to pull off the attack. Valasek and Miller accessed the controls via a security hole in the Sprint cellular connection to Chrysler's UConnect infotainment system. In the course of their research, Valasek sat in his Pittsburgh home and remotely manipulated Miller's Jeep as he drove along a highway outside St. Louis. If you know a car's IP address, they say, a hacker could control it from anywhere. "We didn't add anything, didn't touch it," Valasek told Autoblog. "A customer could drive one of these things off a lot, and they'd have no clue it had these open attack surfaces." Remotely, he disabled brakes, turned the radio volume up, engaged windshield wipers and tampered with the transmission. Further, they could conduct surveillance on the Jeep, measuring its speed and tracking its whereabouts. They conducted the experiments over multiple breaches. They made their findings public on the same day the National Highway Traffic Safety Administration, the federal agency in charge of vehicle safety, released its latest report on the readiness of government and automakers to fend off these sorts of cyber attacks. Later today, two US Senators are expected to introduce legislation that would help consumers better understand the potential risks of car hacking. In the early stages of their research, Valasek and Miller found a security flaw in the car's wi-fi that allowed them to remotely manipulate controls from a range of about three feet. But in recent months, they found another vulnerability in the Sprint cellular connection in the UConnect system. That was a key breakthrough. "Lo and behold, we found we could communicate with this thing using cellular, and then more research, and 'Holy cow,' we're using the Sprint network to communicate with these vehicles," Valasek said.

In Michigan, car hackers could face life imprisonment

Car hackers may not want to mess with vehicles in and around the Motor City. A pair of Michigan lawmakers introduced legislation Thursday that would punish anyone who infiltrates a vehicle's electronic systems with penalties as harsh as life imprisonment. Senate bill 927 says that "a person shall not intentionally access or cause access to be made to an electronic system of a motor vehicle to willfully destroy, damage, impair, alter or gain unauthorized control of the motor vehicle." Offenders will be deemed guilty of a felony, and may be imprisoned for any number of years up to life in prison. The proposed legislation is one of the first attempts nationally to address the consequences for car hacking, which has become a top concern throughout the auto industry. Critics have accused executives of being slow to respond to the threats, which were first known as long as six years ago but gained attention last July when a pair of researchers remotely controlled a Jeep Cherokee. In January, the industry established an Information Sharing and Analysis Center to collectively evaluate security measures and counter breaches. But the Michigan bill isn't noteworthy only because of the life penalty prescribed; it's noteworthy for what's missing in its details. Language in the bill doesn't delineate between independent cyber-security researchers and criminals who intend to inflict harm or havoc. Under its provisions, it's possible Charlie Miller, pictured below, and Chris Valasek, the researchers who demonstrated last summer that the Cherokee could be remotely commandeered and controlled, could face life behind bars. Provisions of the legislation that prevent a person from "altering" the motor vehicle could ensnare car enthusiasts or gearheads who tinker with electronic systems to boost performance, increase fuel efficiency or add aftermarket features. In that context, Senate Bill 927 seems like the latest measure in a running feud between independent researchers, gearheads and big automakers. Car companies don't like third parties poking around their electronic systems and would prefer the researchers not reveal security weaknesses. Researchers, on the other hand, say many carmakers are either slow to fix or unwilling to repair security holes unless they're able to publish their findings.

Jeep Wrangler 4xe, new Honda Civic and EV infrastructure | Autoblog Podcast #677

In this episode of the Autoblog Podcast, Editor-in-Chief Greg Migliore is joined by Senior Editor, Green, John Beltz Snyder and Yahoo Finance Senior Producer/Reporter Pras Subramanian. They start things off by talking about what they've been driving, including the Jeep Wrangler 4xe, Chevy Bolt EUV, Nissan 370Z Nismo and Mitsubishi Eclipse Cross. They discuss the reveal of the next-generation Honda Civic, opine about the Mercedes-AMG One hybrid supercar, talk about EV charging infrastructure and reminisce about the Hyundai Genesis Coupe. Finally, they reach into the mailbag to help a listener pick a used grand tourer. Autoblog Podcast #677 Get The Podcast iTunes – Subscribe to the Autoblog Podcast in iTunes RSS – Add the Autoblog Podcast feed to your RSS aggregator MP3 – Download the MP3 directly Rundown Cars we're driving:2021 Jeep Wrangler 4xe 2022 Chevrolet Bolt EUV 2020 Nissan 370Z Nismo 2022 Mitsubishi Eclipse Cross News 2022 Honda Civic revealed Mercedes-AMG One spy photos Green infrastructure Why the gas stations of the future might not include EV chargers — yet Ultium Charge 360 Used Vehicle Spotlight: 2010-2016 Hyundai Genesis Coupe  Spend My Money Feedback Email – Podcast@Autoblog.com Review the show on iTunes Autoblog is now live on your smart speakers and voice assistants with the audio Autoblog Daily Digest. Say “Hey Google, play the news from Autoblog” or "Alexa, open Autoblog" to get your favorite car website in audio form every day. A narrator will take you through the biggest stories or break down one of our comprehensive test drives. Related Video: