PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Jeep Hackers Return With New Tricks

Jeep parent company Fiat Chrysler Automobiles, meanwhile, says not to worry.

Angela Moscaritolo
 & Angela Moscaritolo Managing Editor, Consumer Electronics

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

A year after Charlie Miller and Chris Valasek disclosed a major security vulnerability that could allow hackers to remotely hijack your Jeep, the infamous auto hackers are at it again.

Black Hat Bug ArtThe duo, who now work at Uber, again teamed up with Wired writer Andy Greenberg to publicize "a new arsenal of attacks" against the same 2014 Jeep Cherokee they hacked last year.

"By sending carefully crafted messages on the vehicle's internal network known as a CAN bus, they're now able to pull off even more dangerous, unprecedented tricks like causing unintended acceleration and slamming on the car's brakes or turning the vehicle's steering wheel at any speed," Greenberg writes.

The researchers plan to present their findings at the Black Hat conference later this week. Check out the video below for a peek at what they can do.

On the plus side, this new round of attacks isn't quite as menacing as last year's, as they can't be carried out remotely over the Internet. At this time, the hackers can only perform the attacks with a laptop plugged into the Jeep, though researchers cited in Greenberg's story say it's only a matter of time before another remote vulnerability, like the one Jeep patched last year as a result of Miller and Valasek's work, is discovered.

Jeep parent company Fiat Chrysler Automobiles did not immediately respond to a request for comment from PCMag, but told Greenberg that Miller and Valasek were using an old version of the car's software, and it's "highly unlikely" the exploit could be possible on the latest version. The company also reiterated that the attack requires a computer to be connected to the vehicle's onboard diagnostic port.

"While we admire their creativity, it appears that the researchers have not identified any new remote way to compromise a 2014 Jeep Cherokee or other FCA US vehicles," the company said.

The hack comes after Fiat Chrysler Automobiles just last month launched a bug bounty program on the Bugcrowd platform, offering cold hard cash for information about security flaws in its vehicles and connected services. The company said its goal with this new program is to "foster a collaborative relationship with researchers" and encourage the practice of responsible disclosure.

About Our Expert

Angela Moscaritolo

Angela Moscaritolo

Managing Editor, Consumer Electronics

My Experience

I'm PCMag's managing editor for consumer electronics, overseeing an experienced team of analysts covering smart home, home entertainment, wearables, fitness and health tech, and various other product categories. I have been with PCMag for more than 10 years, and in that time have written more than 6,000 articles and reviews for the site. I previously served as an analyst focused on smart home and wearable devices, and before that I was a reporter covering consumer tech news. I'm also a yoga instructor, and have been actively teaching group and private classes for nearly a decade. 

Prior to joining PCMag, I was a reporter for SC Magazine, focusing on hackers and computer security. I earned a BS in journalism from West Virginia University, and started my career writing for newspapers in New Jersey, Pennsylvania, and West Virginia.

The Technology I Use

My little Florida beach bungalow is brimming with smart home tech. I have a smart speaker or display in every room, allowing me to control other connected devices by voice. The Nest Hub on my bedside table lets me set wake-up alarms, control my smart light bulbs, and set the temperature on my smart thermostat. I use the Amazon Echo Show 8 on my kitchen counter to browse recipes, reorder protein powder, check the weather, and watch the news while I do dishes. 

Because I suffer from allergies, air purifiers are essential. My favorite model is the Dyson Purifier Cool TP07, which doubles as a fan and continuously sends indoor pollution data to its companion mobile app. 

My pitbull Bradley sheds, so a good robot vacuum is a must. I currently use a premium Ecovacs Deebot that can both vacuum and mop, empty its own dustbin, and wash its own mop cloth. 

For fitness, I like to mix up my routine with cycling, indoor rowing, running, and strength training in addition to yoga. I take classes on the Tonal 2 smart strength training machine, I row indoors on an Aviron machine, and track my beach runs with an Apple Watch while listening to music on my Apple AirPods Pro. On the weekends, I love riding e-bikes like the rugged, beach-friendly Aventon Aventure for fun and fitness.

My job involves a lot of virtual meetings, so a quality webcam, microphone, and ring light are important. I use the Jabra PanaCast 20 webcam, the Elgato Wave: 3 microphone, and a Yesker tripod ring light. 

As for my preferred phone platform, I'm an iPhone person, but I've also extensively used Android for product testing.

Read the latest from Angela Moscaritolo

Read full bio