Fiat Chrysler Automobiles U.S. is recalling 1.4 million vehicles for software upgrades after a report described two hackers' successful attempt to take control of a 2014 Jeep Cherokee while it was driving on a public road. From Reuters:
The announcement by FCA US LLC, formerly Chrysler Group LLC, comes after cybersecurity researchers used the Internet to turn off a car's engine as it drove, escalating concerns about the safety of Internet-connected vehicles.
The researchers used Fiat Chrysler's telematics system to break into a car being driven on the highway and issue commands to the engine, steering and brakes.
The National Highway Traffic Safety Administration (NHTSA) and members of Congress have expressed concern about the security of Internet-connected vehicle control systems.
The remote Jeep-jacking was executed by Charlie Miller and Chris Valasek. Andy Greenberg, who later described the experience in Wired, was driving the Jeep on a freeway in the St. Louis area, and he was in on the stunt. While some of the commands Miller and Valasek gave the Jeep were almost playful—blasting a rap station on the radio and cranking up the air conditioning—they were also able to bring it to a stop by shutting down its transmission. In a separate exercise in a parking lot, they were able to disable the brakes.
In its recall notice posted Friday, Fiat Chrysler said the company had already instituted "network-level security measures to prevent the type of remote manipulation demonstrated in a recent media report" and added that tapping into someone's vehicle, "if unauthorized, constitutes criminal action."
Fiat says that affected customers "will receive a USB device that they may use to upgrade vehicle software, which provides additional security features independent of the network-level measures." The following models, if equipped with 8.4-inch touchscreens, could be affected by the recall:
- 2013-2015 Dodge Viper specialty vehicles
- 2013-2015 Ram 1500, 2500 and 3500 pickups
- 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
- 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
- 2014-2015 Dodge Durango SUVs
- 2015 Chrysler 200, Chrysler 300 and Dodge Charger sedans
- 2015 Dodge Challenger sports coupes
Fiat Chrysler has created a lookup tool for owners to check whether their vehicles are covered by the recall, which can be found here.
As noted by Greenberg in Wired, Democratic Sens. Ed Markey and Richard Blumenthal proposed legislation this week that would set minimum standards of wireless security for automobiles. The Security and Privacy in Your Car (SPY Car) Act would require manufacturers to disclose the measures taken to shield cars from hacking and allow consumers to opt out of data collection enabled by on-board technology.