Fiat Chrysler Recalling 1.4M Vehicles Amid Concerns Over Remote Hack Attacks

With the steely eye of the government fixed firmly on Fiat Chrysler Automobiles NV, the company agreed today to recall 1.4 million vehicles that could be susceptible to remote hack attacks. This, a few days after researchers teamed up with a reporter to show how a Jeep Cherokee could be controlled wirelessly from miles away.

FCA issued a software patch for its Uconnect onboard system on Thursday, though at that time it didn’t directly acknowledge the Wired.com report of what it was like to be inside a hijacked Jeep.

The recall includes a software update that addresses certain radios that could be the subject of cyber hacking. FCA notes in a statement on the recall that no vehicles outside the United States are impacted and says the company hasn’t received any related complaints, warranty claims or accidents outside of the media demonstration.

“The recall aligns with an ongoing software distribution that insulates connected vehicles from remote manipulation which, if unauthorized, constitutes criminal action,” FCA said in a statement.

Furthermore, FCA says the network-level security measures it implemented as of July 23 prevent “the type of remote manipulation demonstrated in a recent media report.”

“These measures – which required no customer or dealer actions – block remote access to certain vehicle systems and were fully tested and implemented within the cellular network on July 23, 2015,” FCA says.

Customers affected by the recall will receive a USB device that they may use to upgrade vehicle software, which provides additional security features independent of the network-level measures.

Vehicles included in the recall are equipped with 8.4-inch touchscreens among the following populations:
• 2013-2015 MY Dodge Viper specialty vehicles
• 2013-2015 Ram 1500, 2500 and 3500 pickups
• 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
• 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
• 2014-2015 Dodge Durango SUVs
• 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
• 2015 Dodge Challenger sports coupes

Drivers can also visit FCA’s software update site to input their Vehicle Identification Numbers (VINs) and determine if their vehicles are included in the recall.

FCA is under a lot of pressure from the National Highway Traffic Safety Administration right now, in light of the company’s handling of almost two dozen recalls covering 11 million vehicles, notes the Detroit News.

Transportation Secretary Anthony Foxx didn’t have much to say on that front when asked during a reporters round table if a settlement with FCA was coming, saying only, “Give us time.”

But Foxx did say that the Obama administration will be pushing hard to make sure the nation’s 250 million cars and trucks are not susceptible to cyber hacking.

“We will push as hard as we can to ensure the security of vehicles is air tight,” Foxx said during the breakfast meeting sponsored by the Christian Science Monitor Friday morning.

“It’s an issue,” he added, noting that this may become a bigger issues as connected vehicles grow on the nation’s roads. “The time to get on this is right now.”

In the meantime, senators Ed Markey and Richard Blumenthal introduced an automotive security bill on Tuesday to set new digital security standards for cars and trucks called the Security and Privacy in Your Car, or SPY Act.

The measure would direct NHTSA and the Federal Trade Commission to establish federal standards to secure cars and protect drivers’ privacy, as well as establishing a rating system — or “cyber dashboard” — that informs consumers about how well the vehicle protects drivers’ security and privacy beyond those minimum standards.

Statement: Software Update [Fiat Chrysler Automobiles]
Fiat Chrysler will recall vehicles over hacking worries [Detroit News]