1.4 million vehicles recalled after hackers show they can disable Jeep on the highway
Fiat Chrysler is to recall 1.4 million vehicles after hackers remotely took control of a 2014 Jeep Cherokee on a US highway. The car firm's aim: to close the software loophole that allowed the attack to take place near St Louis.
The company said it had "applied network-level security measures" to block hackers from the ability to remotely access its vehicles via their Internet-ready Uconnect radios.
The recall, according to AdAge, involves a software patch that stops the type of hack attack demonstrated by professional hackers Charlie Miller and Chris Valasek.
On Monday, Wired magazine detailed how Miller and Valasek were able to take command of an unmodified 2014 Jeep Cherokee while it was being driven on a St. Louis highway by journalist Andy Greenberg.
The hackers did so via the SUV's Internet-connected Uconnect radio, which receives data through the Sprint cellular network.
Working via laptop computers from home, the hackers blasted the Cherokee's radio, turned on the wipers and washer fluid and eventually shut off the Cherokee's engine while it was traveling on the highway.
The patch to stop that type of attack can either be installed at the dealer, or downloaded by a consumer and installed into the radio via a USB flash drive.
Previously, Fiat Chrysler had only advised owners to download the software patch or take their vehicle to a dealer to have it installed. The campaign was stepped up to a formal recall and broadened yesterday by the company to include more vehicles, all equipped with 8.4-inch touchscreen Uconnect radios:
2013-15 Dodge Viper specialty vehicles
2013-15 Ram 1500, 2500 and 3500 pickups
2013-15 Ram 3500, 4500, 5500 Chassis Cabs
2014-15 Jeep Grand Cherokee and Cherokee SUVs
2014-15 Dodge Durango SUVs
2015 Chrysler 200, Chrysler 300 and Dodge Charger sedans
2015 Dodge Challenger sports coupes
The Dodge Dart and Journey, which also have 8.4-inch touchscreen Uconnect radios, are not affected, a spokesman confirmed.
To install the software patch, Fiat Chrysler said customers should visit a dedicated website and update and input their vehicle identification number and determine whether their vehicles are included in the recall.
The car firm said that to perform their remote takeover of the 2014 Cherokee, the hackers "required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code."
Later, in a parking lot, the hackers demonstrated to Wired how they could take control of the Cherokee's steering wheel, but only while the transmission was in reverse, and even disable the brakes, sending the SUV into a ditch.
Fiat Chrysler has come under fire from federal regulators and could face possible fines or other penalties for its handling of recent recalls.
National Highway Traffic Safety Administration chief Mark Rosekind said in a statement yesterday that the agency "encouraged" the company to elevate the voluntary software update to a full recall.
The move was needed to demonstrate the "swift and strong response" that should follow the discovery of vehicle cyber vulnerabilities, Rosekind said.
He added: "NHTSA appreciates that FCA has already taken action to partially address this vulnerability by working with its cellular provider.
"Launching a recall is the right step to protect Fiat Chrysler's customers and it sets an important precedent for how NHTSA and the industry will respond to cybersecurity vulnerabilities."
At the same time, the agency today opened an investigation to assess the effectiveness of FCA's software patch as part of the recall, Rosekind said.