That rewritten firmware is capable of sending commands through the car's internal computer network, known as a CAN bus, to its physical components like the engine and wheels.
Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015.
(Photo © Whitney Curtis for WIRED.com)As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. This occurred just as I reached a long overpass, with no shoulder to offer an escape. At that point, the interstate began to slope upward, so the Jeep lost more momentum and barely crept forward.
Cars lined up behind my bumper before passing me, honking.
The semi loomed in the mirror, bearing down on my immobilized Jeep.
Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume.
Though I hadn't touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system.
As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car's digital display: Charlie Miller and Chris Valasek, wearing their trademark track suits. The Jeep’s strange behavior wasn’t entirely unexpected. Louis to be Miller and Valasek's digital crash-test dummy, a willing subject on whom they could test the car-hacking research they'd been doing over the past year.
The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles.
Their hack enables surveillance too: They can track a targeted Jeep's GPS coordinates, measure its speed, and even drop pins on a map to trace its route.