A vulnerability in Chrysler’s Uconnect service has allowed security researchers to remotely hack into Jeep Cherokees and control its features, such as braking and the transmission, Wired reported.
Wired said the researchers are working on perfecting steering control, as they can currently only hijack the wheel when the Jeep is in reverse.
Chrysler, along with many automakers, has rolled out Internet features to its cars through a mobile data connection.
Its Uconnect system controls the vehicle’s navigation and entertainment system, and offers features such as phone calls and an in-vehicle Wi-Fi hotspot.
Thanks to a vulnerable element in Uconnect, the researchers found that they were able to remotely take over a car if they had its IP address.
From the entry point – which the researchers will reveal during the Black Hat conference in Las Vegas in August – they move to another chip in the car’s head unit.
The firmware of the chip is rewritten with code hackers can use to send commands on the car’s internal network, or CAN bus, to control the systems of the car.
Wired reported that the researchers have demonstrated the ability to control the entertainment system, the transmission, and the brakes through the car’s Internet connection.
The two researchers said they’ve only tested their hack on a Jeep Cherokee, but they believe their attacks could be made to work on any Chrysler vehicle with the Uconnect head unit.
Chrysler has released a patch for the vulnerability on its website which Wired said can be installed via USB drive, or by a dealership.