Fiat Chrysler recalls 1.4M vehicles due to hacking vulnerability
Company takes action as researchers demonstrate how hackers can take remote control of vehicles
Auburn Hills, Mich.—Fiat Chrysler Automobiles is conducting a voluntary safety recall to update software in approximately 1.4 million U.S. vehicles equipped with certain radios.
The company said the recall aligns with an ongoing software distribution that insulates connected vehicles from remote manipulation.
FCA noted it’s unaware of any injuries related to software exploitation, nor is it aware of any related complaints, warranty claims or accidents. The action follows a media demonstration in which two security researchers, Charlie Miller and Chris Valasek, showed how a Jeep Cherokee could be remotely hacked while on the road. The researchers demonstrated that a driver could remain helpless while hackers took wireless control of the vehicle’s radio and climate controls, as well as its braking and steering capabilities.
In response, FCA said it has applied network-level security measures to prevent this type of remote manipulation.
“These measures – which required no customer or dealer actions – block remote access to certain vehicle systems and were fully tested and implemented within the cellular network,” the company said.
Affected are certain vehicles equipped with 8.4-inch touchscreens among the following populations:
- 2013-2015 MY Dodge Viper specialty vehicles
- 2013-2015 Ram 1500, 2500 and 3500 pickups
- 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
- 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
- 2014-2015 Dodge Durango SUVs
- 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
- 2015 Dodge Challenger sports coupes
Customers affected by the recall will receive a USB device that they may use to upgrade vehicle software, which provides additional security features independent of the network-level measures.
“The security of FCA US customers is a top priority, as is retaining their confidence in the Company’s products. Accordingly, FCA US has established a dedicated System Quality Engineering team focused on identifying and implementing best practices for software development and integration,” the company said.
The company noted that no defect has been found and that it is conducting the recall campaign “out of an abundance of caution.”
FCA added the software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code.