24 July 2015
- From the section Technology
Fiat Chrysler has issued a safety recall affecting 1.4m vehicles in the US, after security researchers showed that one of its cars could be hacked.
On Tuesday, tech magazine Wired reported that hackers had taken control of a Jeep Cherokee via its internet-connected entertainment system.
Chrysler said it was issuing a voluntary recall to update the software in affected vehicles.
The company added that hacking its vehicles was a “criminal action”.
Security researchers Charlie Miller and Chris Valasek demonstrated that it was possible for hackers to control a Jeep Cherokee remotely, using the car’s entertainment system which connected to the mobile data network.
The two security researchers have spent years investigating car control systems and developing ways to subvert them. The pair are due to reveal more information about their work at the Def Con hacker conference next month.
Shortly after the recall was announced, Mr Miller tweeted: “I wonder what is cheaper, designing secure cars or doing recalls?”
Fiat Chrysler said exploiting the flaw “required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code” and added manipulating its software “constitutes criminal action”.
- 2013-2015 MY Dodge Viper specialty vehicles
- 2013-2015 Ram 1500, 2500 and 3500 pickups
- 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
- 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
- 2014-2015 Dodge Durango SUVs
- 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
- 2015 Dodge Challenger sports coupes
The company said it was “unaware of any injuries related to software exploitation”.
It said the recall was issued to help customers with the “ongoing software distribution that insulates connected vehicles from remote manipulation”.
The issue affected up to 1.4m vehicles sold in the United States, which had been fitted with the company’s uConnect system.
A spokesman for Fiat Chrysler told the BBC that no vehicles sold in the UK were affected.
However, this week in a separate research project security experts from the UK’s NCC Group showed how it was potentially possible to hack a car’s control systems through its digital radio.
The attack was accomplished using relatively cheap off-the-shelf components connected to a laptop, to create a DAB station that broadcast the malicious data.
The Fiat Chrysler recall comes soon after two US senators introduced a bill to call on the US Federal Trade Commission and the National Highway Traffic Safety Administration to set standards on vehicle security for car makers.
The bill would also create a security rating system for cars so consumers would know which ones worked hardest to make unhackable cars.