Fiat Chrysler Automobiles has just announced an official recall for 1.4 million vehicles to close a software loophole that allows a remote hacker to take control of a vehicle. This is in response to the video uploaded to the Internet earlier this week of a 2014 Jeep Cherokee being controlled remotely by a hacker.
On Monday, as part of an article for Wired magazine, Charlie Miller and Chris Valasek, a pair of hackers – that have spent the past year developing software to wirelessly hack into a Jeep Cherokee, sabotaging it – were able to take command and control of an unmodified 2014 Jeep Cherokee while it was being driven on a St. Louis highway by a journalist. The hackers did so via the Jeep’s Internet-connected Uconnect media system, that receives data through the cellular network.
Working remotely from home miles away, the hackers turned on the climate control, uploaded a picture of themselves onto the screen, blasted the Cherokee’s radio (Skee-Lo’s ‘I Wish’), blasted air-conditioning, turned on the wipers and a sprayed washer fluid and even shut off the Cherokee’s engine while it was travelling on the highway at 70 mph (110 km/h). Needless to say, this is a security concern.
In the the next experiment, they demonstrated in a parking lot, they demonstrated how they could take control of the Cherokee’s steering wheel, but only while the transmission was in reverse below a certain speed, pop the locks, mess with the speedometer, and even disable the brakes, sending the SUV into a ditch.
In response to this, earlier this week, FCA had advised owners to update their software but have since upgraded the advisory campaign to an official recall. In addition to the software upgrade in the affected vehicles, FCA US “has applied network-level security measures to prevent the type of remote manipulation demonstrated in a recent media report. These measures – which required no customer or dealer actions – block remote access to certain vehicle systems and were fully tested and implemented within the cellular network on July 23, 2015.”
All affected vehicles are equipped with the 8.4-inch touchscreen.
-2013-2015 MY Dodge Viper specialty vehicles
-2013-2015 Ram 1500, 2500 and 3500 pickups
-2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
-2014-2015 Jeep Grand Cherokee and Cherokee SUVs
-2014-2015 Dodge Durango SUVs
-2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
-2015 Dodge Challenger sports coupes
Not all 8.4-inch touchscreen and Uconnect equipped vehicles are affected – the Dodge Dart and Journey are on the unaffected list.
Customers affected by the recall will receive a USB device that they may use to upgrade vehicle software themselves. This update will also provide additional security features independent of the network-level measures already implemented.
Customers can check to see if their vehicle is affected, by visiting http://www.driveuconnect.com/software-update/ to input their Vehicle Identification Numbers (VINs),
If a customer is not comfortable updating the units themselves, customers may contact their local dealership to install the update for them.