FCA US, aka Chrysler, is recalling 1.4 million late model vehicles because hackers can remotely take control of the cars and trucks. Chrysler had previously patched the software for current production, but at the insistence of NHTSA pre-patch models are being recalled. (NHTSA Blasts FCA Recalls – Big Fines, Maybe Criminal Charges Coming for Italian Automaker? Litigation Ongoing.)
“The recall aligns with an ongoing software distribution that insulates connected vehicles from remote manipulation, which, if unauthorized, constitutes criminal action, FCA said in a statement today.
“Further, FCA US has applied network-level security measures to prevent the type of remote manipulation demonstrated in a recent media report. These measures – which required no customer or dealer actions – block remote access to certain vehicle systems and were fully tested and implemented within the cellular network on July 23, 2015.
FCA claims it is unaware of any injuries related to “software exploitation,” nor is it aware of any related complaints, warranty claims or accidents – independent of a spectacular media demonstration of vulnerabilities earlier this week when hackers remotely shut off a Jeep Cherokee on a road.
“The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code,” said the Italian owned company.
Affected Chrysler vehicles include model year 2013-2015 Ram 1500, 2500, 3500, 4500, and 5500, 2015 Chrysler 200, Chrysler 300, Dodge Charger, and Dodge Challenger, 2014-2015 Jeep Grand Cherokee, Cherokee, and Dodge Durango, and 2013-2015 Dodge Viper vehicles.
FCA will notify and mail affected owners a USB drive that includes a software update that it says eliminates the hacking vulnerability. Owners may download the update to their own USB drive from http://www.driveuconnect.com/software-update/ or take their vehicle to a Chrysler dealer for immediate installation.
In an effort to “mitigate the effects of this security vulnerability,” Chrysler has had the wireless service provider close the open cellular connection to the vehicle that provided unauthorized access to the vehicle. “This measure may not have been implemented on all vehicles and does not address access by other means that will be remedied by the software update.”
