PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Hackers Remotely Hijack a Jeep, Crash it Into a Ditch

Angela Moscaritolo
 & Angela Moscaritolo Managing Editor, Consumer Electronics

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Chrysler has quietly released a Jeep software update to fix a major security vulnerability that could allow hackers to remotely hijack your vehicle.

Nextcar Bug artThe flaw, discovered by security researchers Charlie Miller and Chris Valasek, affects an Internet-connected computer feature in the dashboard called Uconnect—an optional upgrade that does not come standard in Chrysler vehicles. The duo recently demonstrated how they can leverage the flaw to remotely hack into a Jeep, taking Wired writer Andy Greenberg on a ride he won't soon forget.

Greenberg agreed to be the researcher's "digital crash-test dummy" and willingly got behind the wheel of a Jeep Cherokee on public roads in St. Louis. That's when things started getting weird.

"Though I hadn't touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting," he wrote in his account of the incident. "Next the radio switched to the local hip hop station ... I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass."

The hackers—sitting comfortably on the couch in Miller's basement 10 miles away—flashed an image of themselves on the car's digital display. Greenberg didn't panic; the hackers had assured him they wouldn't do anything life threatening. Then they cut the transmission.

"Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. The experiment had ceased to be fun," Greenberg wrote.

He then grabbed his iPhone and started to "beg" the hackers to stop. They had one more trick up their sleeves, though.

"The most disturbing maneuver came when they cut the Jeep's brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch," Greenberg wrote.

The hackers said they're still working on "perfecting steering control," and for now can only hijack the wheel when the car is in reverse. They can also track the vehicle's coordinates, measure its speed, and drop pins on a map to track its route.

The attack is especially notable because the hackers executed it wirelessly, while not physically connected to the car with a laptop, which is how other car hacks have been carried out in the past. Miller and Valasek said they plan to reveal more details about the flaw at the Black Hat Conference next month.

For now, owners of vehicles with the Uconnect feature should install the update as soon as possible. The patch must be manually installed via USB stick or by a dealership mechanic. The flaw is said to affect several 2013-2014 models of Dodge Ram; the 2013-2014 Dodge Viper; the 2014 Jeep Cherokee, Jeep Grand Cherokee, and Dodge Durango; the 2015 Jeep Cherokee and Jeep Grand Cherokee; and 2015 Chrysler 200s.

In a statement, Chrysler didn't seem thrilled about how the researchers disclosed the problem.

"Under no circumstances does [Fiat Chrysler Automobiles] condone or believe it's appropriate to disclose 'how-to information' that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems," the company said.

Chrysler did, however, tell Wired that it "appreciates" Miller and Valasek's work. "We appreciate the contributions of cybersecurity advocates to augment the industry's understanding of potential vulnerabilities," Chrysler said. "However, we caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety."

The software update is free; customers with questions can call Vehicle Care at 1-877-855-8400.

About Our Expert

Angela Moscaritolo

Angela Moscaritolo

Managing Editor, Consumer Electronics

My Experience

I'm PCMag's managing editor for consumer electronics, overseeing an experienced team of analysts covering smart home, home entertainment, wearables, fitness and health tech, and various other product categories. I have been with PCMag for more than 10 years, and in that time have written more than 6,000 articles and reviews for the site. I previously served as an analyst focused on smart home and wearable devices, and before that I was a reporter covering consumer tech news. I'm also a yoga instructor, and have been actively teaching group and private classes for nearly a decade. 

Prior to joining PCMag, I was a reporter for SC Magazine, focusing on hackers and computer security. I earned a BS in journalism from West Virginia University, and started my career writing for newspapers in New Jersey, Pennsylvania, and West Virginia.

The Technology I Use

My little Florida beach bungalow is brimming with smart home tech. I have a smart speaker or display in every room, allowing me to control other connected devices by voice. The Nest Hub on my bedside table lets me set wake-up alarms, control my smart light bulbs, and set the temperature on my smart thermostat. I use the Amazon Echo Show 8 on my kitchen counter to browse recipes, reorder protein powder, check the weather, and watch the news while I do dishes. 

Because I suffer from allergies, air purifiers are essential. My favorite model is the Dyson Purifier Cool TP07, which doubles as a fan and continuously sends indoor pollution data to its companion mobile app. 

My pitbull Bradley sheds, so a good robot vacuum is a must. I currently use a premium Ecovacs Deebot that can both vacuum and mop, empty its own dustbin, and wash its own mop cloth. 

For fitness, I like to mix up my routine with cycling, indoor rowing, running, and strength training in addition to yoga. I take classes on the Tonal 2 smart strength training machine, I row indoors on an Aviron machine, and track my beach runs with an Apple Watch while listening to music on my Apple AirPods Pro. On the weekends, I love riding e-bikes like the rugged, beach-friendly Aventon Aventure for fun and fitness.

My job involves a lot of virtual meetings, so a quality webcam, microphone, and ring light are important. I use the Jabra PanaCast 20 webcam, the Elgato Wave: 3 microphone, and a Yesker tripod ring light. 

As for my preferred phone platform, I'm an iPhone person, but I've also extensively used Android for product testing.

Read the latest from Angela Moscaritolo

Read full bio