Fiat Chrysler re­calls 1.4M cars and trucks af­ter hack­ers take con­trol of Jeep through ra­dio


Fiat Chrysler has de­cided to re­call about 1.4 mil­lion cars and trucks in the U.S. just days af­ter two hack­ers re­vealed that they took con­trol of a Jeep Cherokee SUV over the In­ter­net.

The com­pany also dis­closed in gov­ern­ment doc­u­ments that the hack­ers got into the Jeep through an elec­tronic open­ing in the ra­dio and said it would up­date soft­ware to close it. On Thurs­day, Fiat Chrysler sealed off a loop­hole in its in­ter­nal cel­lu­lar tele­phone net­work with ve­hi­cles to pre­vent sim­i­lar at­tacks, the au­tomaker said in a state­ment.

The vul­ner­a­bil­ity ex­posed by the hack rip­pled through the auto in­dus­try and drew the at­ten­tion of gov­ern­ment safety reg­u­la­tors, who on Fri­day opened an in­ves­ti­ga­tion into the in­ci­dent.

The Na­tional High­way Traf­fic Safety Ad­min­is­tra­tion said it would find out which other au­tomak­ers use the same ra­dios. It came as the in­dus­try is rapidly adding In­ter­net-con­nected fea­tures such as WiFi and nav­i­ga­tion that are con­ve­nient for driv­ers but make the car more vul­ner­a­ble to out­side at­tacks.

“I think it's a pretty big deal,” said James Carder, chief in­for­ma­tion se­cu­rity of­fi­cer for LogRhythm Inc., a Boul­der, Colorado, se­cu­rity com­pany. “This isn't in­tel­lec­tual prop­erty go­ing out the door, this is 1.4 mil­lion lives on the line.”

Au­tomak­ers, he said, have be­come ac­cus­tomed to test­ing me­chan­i­cal safety, but most aren't do­ing enough online se­cu­rity test­ing. Carder said he wouldn't be sur­prised to see a few more re­calls as au­tomak­ers check ve­hi­cle se­cu­rity. He noted that In­ter­net-ac­ces­si­ble cars have only been around for a few years, lim­it­ing the num­ber of cars and trucks that could be af­fected.

Shortly af­ter the hack was dis- closed in a Wired mag­a­zine ar­ti­cle this week, Fiat Chrysler said it would con­tact own­ers of 471,000 ve­hi­cles and of­fer soft­ware up­dates to fix the prob­lem. But doc­u­ments show that the wider re­call came at the urg­ing of gov­ern­ment safety reg­u­la­tors.

Fiat Chrysler, which faces penal­ties from NHTSA for re­call de­lays over sev­eral years, said in doc­u­ments that it agreed to the re­call even though there were no prob­lems in the field other than the Jeep at­tack, and it had no com­plaints or war­ranty claims. The com­pany also im­plied in its state­ment that the hack­ers broke the law by ma­nip­u­lat­ing a ve­hi­cle re­motely with­out au­tho­riza­tion.

The fix came af­ter two well­known hack­ers, Char­lie Miller and Chris Valasek, re­motely took con­trol of the Cherokee through its UCon­nect en­ter­tain­ment sys­tem. They were able to change the ve­hi­cle's speed and con­trol the brakes, ra­dio, wind­shield wipers, trans­mis­sion and other fea­tures.

Miller said Fri­day that he didn't think Fiat Chrysler's state­ment about crim­i­nal ac­tiv­ity was di­rected at them be­cause they hacked into a ve­hi­cle they own. “I don't think they are say­ing any­thing bad against us in that state­ment, just re­mind­ing peo­ple that if some­one were to hack their car, it'd be against the law,” he said.

The re­call af­fects ve­hi­cles with 8.4-inch touch­screens in­clud­ing 2013 to 2015 Ram pick­ups and chas­sis cabs and Dodge Viper sports cars. Also cov­ered are 2014 and 2015 Dodge Du­rango and Jeep Grand Cherokee and Cherokee SUVs, as well as the 2015 Chrysler 200 and 300, and the Dodge Charger and Chal­lenger.

Mark Reuss, Gen­eral Mo­tors' prod­uct de­vel­op­ment chief, wouldn't com­ment specif­i­cally on the Jeep in­ci­dent, but said Fri­day that GM is learn­ing about se- cu­rity mea­sures from the U.S. mil­i­tary and air­craft man­u­fac­tur­ers such as Boe­ing.

“Cy­ber se­cu­rity is one of the most im­por­tant things we spend time on these days,” he told re­porters on Fri­day.

Own­ers of the re­called ve­hi­cles will get a USB drive that they can use to up­date the soft­ware. Fiat Chrysler says it pro­vides added se­cu­rity be­yond the cel­lu­lar net­work fixes.

Cus­tomers can go to http://www.driveu­con­ soft­ware-up­date/ and punch in their ve­hi­cle iden­ti­fi­ca­tion num­ber to find out if they're in­cluded in the re­call.

Carder, the se­cu­rity ex­pert, said the odds that an av­er­age per­son's ve­hi­cle would be hacked are slim, but the news will make peo­ple more para­noid. He owns the same model Jeep that was hacked, and says he'll get the soft­ware fix done quickly.

“I'm sure my wife would ap­pre­ci­ate it,” he said


The Fiat Chrysler Au­to­mo­biles sign is seen af­ter be­ing un­veiled at Chrysler World Head­quar­ters in Auburn Hills, Mich. last year. Fiat Chrysler has de­cided to re­call about 1.4 mil­lion cars and trucks in the U.S. just days af­ter two hack­ers de­tailed how they were able to take con­trol of a Jeep Cherokee SUV over the In­ter­net, the com­pany an­nounced, Fri­day.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.