Independent News and Media

Hackers 'remotely carjack' Jeep and drive it into ditch

HACKERS remotely carjacked a Jeep, took control of it and crash it into a ditch.

Two men used a laptop and a mobile phone to seize control of the Cherokee model as it drove at 70mph along the motorway - and turned off its engine, slammed on the brakes and ramped its wind-screen wipers to maximum speed.

They were also able to take over its steering - albeit only when it was in reverse - its brakes and its locks.

A video posted by WIRED journalist Andy Greenberg on the technology magazine's website shows him cede control of the vehicle while driving through St Louis, Missouri.

Amusingly, the hackers turn the radio, which happens to be playing I Wish by Skee-Lo, before bringing the Jeep to a complete stop, causing a tailback.

Greenbery wrote: "Though I hadn't touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system.

"Next the radio switched to the local hip-hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.

"As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car's digital display … wearing their trademark track suits. A nice touch, I thought."

The video shows the pair - Charlie Miller and Chris Valasek - driving the two-tonne Jeep, with Greenberg in it, into a ditch.

Security experts Miller and Valasek say they accessed the Jeep's on-board controls via its wireless internet connection, called Uconnect, used by 470,000 cars made by Fiat Chrysler, SUVs and trucks, including some in Britain.

They say that Uconnect - which controls the vehicle's entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot - needs to make urgent security upgrade.

Chrysler has issued a patch to deal with the security breach - but it must be implemented via a USB stick or by a dealership mechanic, meaning many vehicles are unlikely to remain vulnerable.

Mr Miller said: "If consumers don't realize this is an issue, they should, and they should start complaining to carmakers."