Fiat Chrysler recall: Software on 1.4 million cars could be vulnerable to wireless hacking.

Fiat Chrysler Recalls 1.4 Million Cars After Hackers Commandeer Moving Jeep

Fiat Chrysler Recalls 1.4 Million Cars After Hackers Commandeer Moving Jeep

The Slatest
Your News Companion
July 24 2015 3:55 PM

Fiat Chrysler Recalls 1.4 Million Cars After Hackers Commandeer Moving Jeep

488583865-the-2014-jeep-cherokee-undergoes-assembly-at-the
This 2014 Jeep Cherokee, shown during assembly at the Chrysler Toledo North Plant, is one of 1.4 million vehicles recalled by Fiat Chrysler on Friday.

Photo by Bill Pugliano/Getty Images

Fiat Chrysler Automobiles U.S. is recalling 1.4 million vehicles for software upgrades after a report described two hackers' successful attempt to take control of a 2014 Jeep Cherokee while it was driving on a public road. From Reuters:

The announcement by FCA US LLC, formerly Chrysler Group LLC, comes after cybersecurity researchers used the Internet to turn off a car's engine as it drove, escalating concerns about the safety of Internet-connected vehicles.
The researchers used Fiat Chrysler's telematics system to break into a car being driven on the highway and issue commands to the engine, steering and brakes.
The National Highway Traffic Safety Administration (NHTSA) and members of Congress have expressed concern about the security of Internet-connected vehicle control systems.
Advertisement

The remote Jeep-jacking was executed by Charlie Miller and Chris Valasek. Andy Greenberg, who later described the experience in Wired, was driving it on a freeway in the St. Louis area and he was in on the stunt. While some of the commands Miller and Valasek gave the Jeep were almost playful—blasting a rap station on the radio and cranking up the air conditioning—they were also able to bring it to a stop by shutting down its transmission. In a separate exercise in a parking lot, they were able to disable the brakes.

In its recall notice posted Friday, Fiat Chrysler said the company had already instituted "network-level security measures to prevent the type of remote manipulation demonstrated in a recent media report" and added that tapping into someone's vehicle, "if unauthorized, constitutes criminal action."

Fiat says that affected customers "will receive a USB device that they may use to upgrade vehicle software, which provides additional security features independent of the network-level measures." The following models, if equipped with 8.4-inch touchscreens, could be affected by the recall:

  • 2013-2015 Dodge Viper specialty vehicles
  • 2013-2015 Ram 1500, 2500 and 3500 pickups
  • 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
  • 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
  • 2014-2015 Dodge Durango SUVs
  • 2015 Chrysler 200, Chrysler 300 and Dodge Charger sedans
  • 2015 Dodge Challenger sports coupes

Fiat Chrysler has created a lookup tool for owners to check whether their vehicles are covered by the recall, which can be found here.

As noted by Greenberg in Wired, Democratic Sens. Ed Markey and Richard Blumenthal proposed legislation this week that would set minimum standards of wireless security for automobiles. The Security and Privacy in Your Car (SPY Car) Act would require manufacturers to disclose the measures taken to shield cars from hacking and allow consumers to opt out of data collection enabled by on-board technology.