Following an article published in Wired magazine where hackers remotely controlled a 2015 Jeep Cherokee, Fiat Chrysler Automobiles (FCA) released a voluntary recall to fix the bug.
For the recall, owners of affected vehicles will receive a USB device that they can plug into their cars’ entertainment systems to upgrade the software.
The recall affects the following FCA vehicles:
- 2013-2015 Dodge Viper
- 2013-2015 Ram 1500, 2500 and 3500 pickups
- 2013-2015 Ram 3500, 4500 and 550 chassis cabs
- 2014-2015 Jeep Cherokee
- 2014-2015 Jeep Grand Cherokee
- 2014-2015 Dodge Durango
- 2015 Chrysler 200
- 2015 Chrysler 300
- 2015 Dodge Challenger
- 2015 Dodge Charger
Along with the software update, FCA said that they made extra security enhancements to their networks that block remote access to certain vehicle features.
In the Wired article, hackers Charlie Miller and Chris Valasek demonstrated the remote takeover of a Jeep Cherokee using the vehicle’s Uconnect cellular wireless network. In the demonstration, the duo manipulated the windshield wipers and climate control systems and also completely disabled the vehicle by disabling the transmission. They also turned off the brakes.
The hackers’ demonstration shows the potential dangers facing the automotive industry as vehicles become more technologically advanced. The duo previously demonstrated a similar hack on a Toyota Prius.
On July 11, U.S. Senators Ed Markey (D-MA) and Richard Blumenthal (D-CT) introduced the Security and Privacy in Your Car (SPY Car) Act that would create federal standards for automotive security and establish a rating system. The system, called a cyber dashboard, will rank vehicles based on their ability to protect their owners’ privacy and security.
The bill would rely on the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to develop the security standards.
The standards would include hacking protection, data security and hacking mitigation. They would also allow consumers to know what information is being collected, allow them to opt out of data collection without losing functionality of their systems and not allow their information to be used for marketing without opt-in.
Over 1.4 million FCA vehicles are affected by this software bug. Owners of affected vehicles can either visit http://www.driveuconnect.com/software-update/ to download the software patch, or they can visit a dealer to have the patch installed for them at no cost.
Watch this TFLcar tech video of the 2015 Jeep Cherokee’s auto stop-start system: