A report shared exclusively with CNNMoney shows that the 2014 Jeep Cherokee, 2015 Cadillac Escalade and 2014 Toyota Prius were the most 'hackable' of 20 car models reviewed by automotive security researchers.
According to the report, both the 2014 Jeep Cherokee and the 2015 Escalade have an inherent security flaw: The cars' apps, Bluetooth and telematics -- which connects the car to a cellular network like OnStar -- are on the same network as the engine controls, steering, brakes and tire pressure monitor system.
The problem: A car's networked systems could become a gateway for hackers. If critical functions like steering are on the same network as features that connect the car to the Internet, that can put the vehicle at risk, Miller and Valasek say. A flaw in any of those Internet-connected features could put a hacker only a step away from communicating with the features directly controlling the driver's safety.
Let's say a driver accidentally downloaded a virus onto his phone and connected it to his car via Bluetooth. If the car's Bluetooth is running on the same network as the brakes, hackers could potentially make the car come to a screeching halt.
"Once they have code running on the Bluetooth computer [in your car], they can then do things like send out messages to tell the other components of the car to do stuff, like engage the brakes," Miller said.
In a statement, Jeep manufacturer Chrysler responded, "Our vehicles are equipped with security systems that help minimize the risk from real-world threats...Chrysler Group will endeavor to verify these claims and, if warranted, we will remediate them."
Chrysler added that they invite Miller and Valasek to share their findings with the company first so that they can find a solution together.
How hackers could slam on your car's brakes - Aug. 1, 2014
According to the report, both the 2014 Jeep Cherokee and the 2015 Escalade have an inherent security flaw: The cars' apps, Bluetooth and telematics -- which connects the car to a cellular network like OnStar -- are on the same network as the engine controls, steering, brakes and tire pressure monitor system.
The problem: A car's networked systems could become a gateway for hackers. If critical functions like steering are on the same network as features that connect the car to the Internet, that can put the vehicle at risk, Miller and Valasek say. A flaw in any of those Internet-connected features could put a hacker only a step away from communicating with the features directly controlling the driver's safety.
Let's say a driver accidentally downloaded a virus onto his phone and connected it to his car via Bluetooth. If the car's Bluetooth is running on the same network as the brakes, hackers could potentially make the car come to a screeching halt.
"Once they have code running on the Bluetooth computer [in your car], they can then do things like send out messages to tell the other components of the car to do stuff, like engage the brakes," Miller said.
In a statement, Jeep manufacturer Chrysler responded, "Our vehicles are equipped with security systems that help minimize the risk from real-world threats...Chrysler Group will endeavor to verify these claims and, if warranted, we will remediate them."
Chrysler added that they invite Miller and Valasek to share their findings with the company first so that they can find a solution together.
How hackers could slam on your car's brakes - Aug. 1, 2014
