Yikes. Fiat Chrysler announced on Friday that it’s recalling 1.4 million automobiles due to concerns about their software security. The announcement comes just days after hackers demonstrated a terrifying hack of a Jeep that was driving down the highway at 70 miles per hour.

BACKGROUND: Hackers take over a Jeep driving down the highway at 70 mph

The company says that it’s also “applied network-level security measures to prevent the type of remote manipulation demonstrated in a recent media report,” presumably referring to the report in Wired earlier this week that detailed the Jeep hack.

The vulnerability affects cars equipped with 8.4-inch touch displays on the inside. Here is the complete list of cars that may be affected:

  • 2013-2015 MY Dodge Viper specialty vehicles
  • 2013-2015 Ram 1500, 2500 and 3500 pickups
  • 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
  • 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
  • 2014-2015 Dodge Durango SUVs
  • 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
  • 2015 Dodge Challenger sports coupes

Customers whose vehicles are affected by the threat will receive USB devices that will offer additional security upgrades besides the patches that FCA delivered over the air this week.

Earlier this week, Wired reported that hackers Charlie Miller and Chris Valasek had developed code that could use a Jeep’s entertainment system to control “its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.” The hackers plan to give their research a full vetting at the big Black Hat conference in Las Vegas next month in what will surely be a highlight of the show.

To learn more, check out FCA’s full press release posted below.

Statement: Software Update

July 24, 2015 , Auburn Hills, Mich. – FCA US LLC is conducting a voluntary safety recall to update software in approximately 1,400,000 U.S. vehicles equipped with certain radios.The recall aligns with an ongoing software distribution that insulates connected vehicles from remote manipulation, which, if unauthorized, constitutes criminal action.Further, FCA US has applied network-level security measures to prevent the type of remote manipulation demonstrated in a recent media report. These measures – which required no customer or dealer actions – block remote access to certain vehicle systems and were fully tested and implemented within the cellular network on July 23, 2015.The Company is unaware of any injuries related to software exploitation, nor is it aware of any related complaints, warranty claims or accidents – independent of the media demonstration.Affected are certain vehicles equipped with 8.4-inch touchscreens among the following populations:
  • 2013-2015 MY Dodge Viper specialty vehicles
  • 2013-2015 Ram 1500, 2500 and 3500 pickups
  • 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
  • 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
  • 2014-2015 Dodge Durango SUVs
  • 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
  • 2015 Dodge Challenger sports coupes

Customers affected by the recall will receive a USB device that they may use to upgrade vehicle software, which provides additional security features independent of the network-level measures. Alternately, customers may visit http://www.driveuconnect.com/software-update/ to input their Vehicle Identification Numbers (VINs) and determine if their vehicles are included in the recall.

The security of FCA US customers is a top priority, as is retaining their confidence in the Company’s products. Accordingly, FCA US has established a dedicated System Quality Engineering team focused on identifying and implementing best practices for software development and integration.

The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code.

No defect has been found. FCA US is conducting this campaign out of an abundance of caution.

View Comments