Owners of Jeep and Land Rover cars have had a shock this week with news reports highlighting security issues within both manufacturers’ cars specifically Jeep’s Cherokee and Land Rover’s Range Rover Sport models.
Jaguar Land Rover announced that their security issues could result in the cars doors being locked and unlocked without the owner’s consent (one instance reported this happened whilst the car was moving). Land Rover has assured the public that no accidents or injuries have happened because of this glitch.
Over 65,000 affected owners of the Range Rover Sport model will be notified that they will need to return the car to a near-by dealership to download a free-of-charge update to combat this software security issue. However, this patch method itself has another major security flaw: users are advised that in most cases, this patch will be downloaded wirelessly through the dealerships Wi-Fi. This method of installation creates another potentially damaging security flaw should a hacker gain acess to the Wi-Fi and install ‘extra services’ at the same time.
Jeep have also issued a security update to any of their cars ‘fitted with a model RA3 or model RA4 radio/navigation system’ specifically within the Cherokee model.
Charlie Miller a computer security researcher with Twitter posted on his Twitter account “this update might not sound particularly important, but trust me, if you can, you really should install this one.” Charlie has been known to find high level security issues in other cars including the Toyota Prius and Ford Escape.
Shortly after this Tweet, Wired Magazine published an article detailing how ‘hackers’ (Charlie Miller and Chris Valasek) managed to hack into a moving Jeep Cherokee and crash it into a ditch with the author Andy Greenberg playing the ‘crash dummy’. This all happened whilst they were sat on a sofa 10 miles away using just a laptop and mobile phone to access the Jeep’s on-board systems via a wireless internet connection.
Andy reported that whilst he was driving, the hackers ‘took control of the car’ with “the vents in the Jeep Cherokee blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass”. Next, they cut the cars transmission- “immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl” before Andy was forced to drive the car into a ditch as the brakes were finally cut.
Unlike Land Rover’s Wi-fi patch method, Jeep have advised that their users can visit https://www.driveuconnect.com/software-update/ , enter their VIN and download the software onto a thumb drive to install the patch themselves, or go to a dealership for a trained mechanic to complete the process instead.