The Jeep Hackers Are Back, and They’ve Come for Your Steering Wheel

Duo renowned for hacking a Cherokee in 2015 is at it again.

The dangers of automotive hacking feel a little more real today. With a bit of tinkering, two hackers were able to tinker with a Jeep Cherokee to allow them to control the SUV’s steering and brakes via the car’s OBD-II connection—effectively robbing the driver of control.

The duo, Charlie Miller and Chris Valasek, were the same people who all but forced Fiat Chrysler into issuing a recall for 1.4 million cars after they previously demonstrated how a talented programmer could remotely hack into some of FCA’s vehicles.

While Miller and Valasek were picked up by ride-hailing company Uber to work at their Advance Technology Center after revealing their initial findings last year, the duo has continued to fiddle around with their Jeep Cherokee. Their latest finding is more difficult to implement, as it requires a physical connection to the car’s OBD-II diagnostics port—but the danger is much more serious than what the hackers did last year.

Through the car’s OBD-II port, the hackers found they could update the car’s computer to turn off the computer’s security protocols implemented through FCA’s recall, Wired reports. After that, the pair was able to take complete control of the steering at any speed and in any gear. Miller and Valasek were also able to active the car’s parking brake, as well as turn cruise control on or off. If that sounds incredibly dangerous, that’s because it is incredibly dangerous.

David Paul Morris/Bloomberg via Getty Images

Though a dongle would actually have to be physically connected to the car for this hack to work, as The Verge notes, it would be possible for someone to connect a wireless OBD-II dongle, such as one of the OBD-II driving habit monitors issued by insurance companies, to carry out their malicious deeds.

When Wired contacted Fiat Chrysler for comment, the automaker responded, “While we admire their creativity, it appears that the researchers have not identified any new remote way to compromise a 2014 Jeep Cherokee or other FCA US vehicles.” The company also stated the hack was performed on a car that was running an older version of software. It is unclear if the hack would still be successful on an updated vehicle.

Valise and Miller will show off their work this week at the Black Hat security conference in Las Vegas.