In a live demonstration of their automobile hacking skills, two experts subjected a reporter from Wired.com to a near-panic situation by remotely controlling the engine, accelerator and brakes on his Jeep Cherokee.
Former National Security Agency hacker Charlie Miller and IOActive researcher Chris Valasek used a net-connected feature in the Fiat Chrysler system to break into the vehicle's hardware and manipulate it.
A slight tweaking of their code will help them hack other vehicles as well.
They were able to slow down the vehicle and jam the brakes, besides toying with its climate control and windshield wipers.
The willing reporter was prepared for non-life-threatening cyber-attacks on his vehicle, which blasted cold air at him while turning the radio volume up to full.
Advised against panicking, Andy Greenberg soon found plenty of reason to do so when the accelerator stopped working and vehicles began piling up behind him on a slope on the highway, as hackers Miller and Valasek worked from afar to "compromise" his vehicle.
The duo was able to remotely control more than the dashboard functions: they could fully kill the engine or disable the brakes.
They can even track the vehicle's GPS coordinates, measure its speed, and drop pins on a map to trace its route. The hackers can rewrite firmware in the entertainment chip to plant their code.
The duo is now working to perfect their steering control, which is possible only when the vehicle is in reverse.
The research by the hacker duo has alarmed senators, who are soon to introduce an automotive security bill seeking new digital security standards for cars and trucks as more automakers work to turn their vehicles into smart vehicles.
Uconnect, a net-connected feature in many Fiat Chrysler cars, SUVs and trucks, controls the vehicle's entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot.
Miller and Valasek can hack into Uconnect on any Chrysler vehicle and send commands to its engine and wheels.
Hackers would need to know the internet protocol address of a car in order to attack it specifically. As that address changes every time the car starts, it would be difficult unless they resort to attacking randomly, the duo told Reuters.
By sharing their research with Chrysler, they have enabled the company to release a patch to safeguard its software. For now, the patch has to be manually implemented.
"Fiat Chrysler Automobiles has a programme in place to continuously test vehicles systems to identify vulnerabilities and develop solutions," reads a Chrysler statement sent to Wired.