Since 2010, several automotive security researchers have demonstrated the ability to inject messages into the CAN bus of a car, capable of affecting the physical systems of the vehicle. The widespread criticism of these methods as viable attack vectors was the claim that there was not a way for an attacker to inject these types of messages without close physical access to the vehicle.
In this paper, Chris Valasek and Charlie Miller demonstrate that remote attacks against unaltered vehicles is possible.This paper outlines the research into performing a remote attack against an unaltered 2014 Jeep Cherokee and similar vehicles that results in physical control of some aspects of the vehicle. We encourage everyone to take this threat seriously.