Last summer, Fiat Chrysler was forced to recall 1.4 million Jeep Cherokees after cybersecurity experts managed to wirelessly hack into the vehicle and take over its systems in a demonstration for Wired. Their hack managed to wirelessly disable the vehicle’s brakes at low speed and even cut the transmission, leaving it temporarily paralyzed on the highway in traffic.
Now those two hackers, Charlie Miller and Chris Valasek, are back with a new hack capable of suddenly applying the Jeep’s accelerator and turning the sharply steering wheel at speed. The hack, which is to be presented at the Black Hat security conference this week, works on Cherokees that had the previous vulnerability patched in the recall.
Unlike the other hack, this one cannot be applied wirelessly and requires a laptop to be plugged into a port located under the vehicle’s dashboard. Still, the bug is a good example of what hackers could be capable of if they were able to wirelessly tap into a vehicle again.
“Imagine last year if instead of cutting the transmission on the highway, we’d turned the wheel 180 degrees,” says Valasek told Wired in an interview. “You wouldn’t be on the phone with us. You’d be dead.”
FCA emphasized the fact Miller and Valasek’s newly-found bug could not be activated wirelessly when reached for comment.
“This demonstration required a computer to be physically connected into the vehicle’s onboard diagnostic (OBD) port and present in the vehicle,” the automaker said. “While we admire their creativity, it appears that the researchers have not identified any new remote way to compromise a 2014 Jeep Cherokee or other FCA US vehicles.”
Miller and Valasek posted a couple of videos demonstrating the vulnerability, which we’ve embedded below.