Last week under the guise of “offering customers improved vehicle electronic security and communication system enhancements”, FCA quietly released a software patch for Uconnect.
This wasn't your run of the mill software update however, professional hackers Charlie Miller and Chris Valasek alerted FCA to vulnerabilities they used to exploit their Uconnect system system and worked with them to patch it.
Miller and Valasek were able to remotely take control of a bone stock 2014 Jeep Cherokee by exploiting the cellular data connection Wi-Fi hot spot equipped Uconnect (with the 8.4 inch screen) vehicles use. The duo was able to crank up the radio volume, speed up the wipers and most alarming, shut the engine off on the highway.
Later in a parking lot they took control of the Cherokee's steering, albeit only in reverse as well as killing the brakes, leaving Wired journalist Andy Greenberg helpless in a ditch.
“Under no circumstances does FCA condone or believe it’s appropriate to disclose “how-to information” that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” the company said in a statement.
“Similar to a smartphone or tablet, vehicle software can require updates for improved security protection to reduce the potential risk of unauthorized and unlawful access to vehicle systems. The software security update, provided at no cost to customers, also includes Uconnect improvements introduced in the 2015 model year designed to enhance customer convenience and enjoyment of their vehicle.”
You can download the patch yourself from driveuconnect.com/software-update/ or you can contact your local dealer to schedule an appointment.