Hack leads to FCA recall
FCA is conducting a voluntary safety recall to update software in approximately 1.4 million U.S. vehicles equipped with certain radios after hackers were able to gain control of a Jeep while in motion.
The move comes after an editorial feature published in Wired this week showed just how easy it was for two experienced computer security experts to compromise the UConnect dashboard computer system of a Jeep Cherokee being driven by journalist Andy Greenberg in St. Louis.
“Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass,” Greenberg wrote.
“As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car’s digital display: Charlie Miller and Chris Valasek, wearing their trademark track suits. A nice touch, I thought.”
FCA says the recall aligns with an ongoing software distribution that insulates connected vehicles from remote manipulation, which, if unauthorized, constitutes criminal action.
Further, the automaker said it has applied network-level security measures to prevent the type of remote manipulation demonstrated by Wired.
“These measures – which required no customer or dealer actions – block remote access to certain vehicle systems and were fully tested and implemented within the cellular network on July 23, 2015,” FCA said in a statement.
Affected are certain vehicles equipped with 8.4-inch touchscreens among the following populations:
2013-2015 MY Dodge Viper specialty vehicles
2013-2015 Ram 1500, 2500 and 3500 pickups
2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
2014-2015 Jeep Grand Cherokee and Cherokee SUVs
2014-2015 Dodge Durango SUVs
2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
2015 Dodge Challenger sports coupes
Customers affected by the recall will receive a USB device that they may use to upgrade vehicle software, which provides additional security features independent of the network-level measures. Alternately, customers may visit a special website to input their VIN and determine if their vehicles are included in the recall.
“The security of FCA US customers is a top priority, as is retaining their confidence in the Company’s products. Accordingly, FCA US has established a dedicated System Quality Engineering team focused on identifying and implementing best practices for software development and integration,” the company added.
The recall action does not apply to Canada. According to FCA rep LouAnn Gosselin, the market access to cellular connectivity in the Canadian marketplace is different than in the U.S. so FCA Canada vehicles are not affected by this condition and therefore do not require a system upgrade.