(Photo from Wired Magazine)
As of Friday, Fiat Chrysler has launched a giant recall of about 1.4 million cars and trucks to shield its vehicles from computer hackers. The automaker plans to protect the vehicles by updating software in the infotainment system.
“Launching a recall is the right step to protect Fiat Chrysler’s customers, and it sets an important precedent for how NHTSA and the industry will respond to cybersecurity vulnerabilities,” NHTSA Administrator Mark Rosekind said.
The recall appears to have occurred after two hackers revealed that they took control of a Jeep Cherokee SUV over the Internet. The company disclosed that the hackers got into the Jeep through an electronic opening in the radio and said it would update software to close it. The hackers were able to crank up the air conditioning and take over the sound system. On Thursday, the automaker sealed off a loophole in its internal cellular telephone network with vehicles to prevent similar attacks.
Vehicles with 8.4-inch touchscreens included in the recall are 2013 to 2015 Dodge Vipers and Ram pickups; 2014 to 2015 Jeep Grand Cherokees; Cherokees and Dodge Durango SUVs and 2015 Chrysler 200, Chrysler 300 and Dodge Chargers and Challengers.
The vulnerability exposed by the hack has drawn the attention of government safety regulators, who on Friday opened an investigation into the incident. The NHTSA is now looking into all cars with the same radios.
It’s very common that vehicles have Internet-connected features such as WiFi and navigation. This makes it very convenient for drivers but leaves the car vulnerable to outside attacks.
Automakers, he said, have become accustomed to testing mechanical safety, but most aren’t doing online security testing. Carder said he wouldn’t be surprised to see a few more recalls as automakers check vehicle security. He noted that Internet-accessible cars have only been around for a few years, limiting the number of cars and trucks that could be affected.
Fiat Chrysler has stated it would contact owners of 471,000 vehicles and offer software updates to fix the problem. But documents show that the wider recall came at the urging of government safety regulators.
Fiat Chrysler, which faces penalties from NHTSA for recall delays over several years, said in documents that it agreed to the recall even though there were no problems in the field other than the Jeep attack, and it had no complaints or warranty claims. The company also implied in its statement that the hackers broke the law by manipulating a vehicle remotely without authorization.
NHTSA encouraged people to get the repairs done as soon as possible and said the recall is the right step to protect customers. “It sets an important precedent for how NHTSA and the industry will respond to cybersecurity vulnerabilities,” the agency said in a statement.
Owners of the recalled vehicles will get a USB drive that they can use to update the software. Fiat Chrysler says it provides added security beyond the cellular network fixes.
Customers can go to //www.driveuconnect.com/software-update/ with their VIN number to see if they’re included in the recall