The root of the attack was a vulnerability in the Uconnect system, a software-based connected car system for a number of Fiat Chrysler cars, which allows smartphone owners to communicate with their vehicles over-the-air via Sprint's network. That allows car owners to remotely turn on the engine, track their vehicle over GPS, and includes a number of anti-theft features are thrown in for good measure.
The vulnerability allowed researchers Charlie Miller and Chris Valasek to remotely control the vehicle through its IP address, such as turning on and off the brakes, interfering with the driver's visibility by switching on the windshield wipers, and shutting off the engine.
The steering of one vehicle was also compromised, although only while the car was in reverse.
According to Wired, which published the story, a number of 2013-2014 models of Dodge Ram, Dodge Viper, and Jeep models are affected, among others.
As many as 471,000 vehicles in the US are said to be affected by the vulnerability.
Fiat Chrysler issued a patch last week, just shy of a month before the security duo's talk at Black Hat. The downside is that the patch has to be installed manually by the vehicle owner, and can't be served over-the-air.