Jeep Hacking Incident Leads to Fiat Chrysler Recall of 1.4M Vehicles

July 27, 2015

Fiat Chrysler has decided to recall about 1.4 million cars and trucks in the U.S. just days after two hackers detailed how they were able to take control of a Jeep Cherokee SUV over the Internet.

The company will update software to insulate the vehicles from being remotely controlled, and it said in a statement that hackers are committing a crime by manipulating vehicle without authorization.

The recall affects vehicles with 8.4-inch touchscreens including 2013 to 2015 Ram pickups and chassis cabs and Dodge Viper sports cars. Also covered are 2014 and 2015 Dodge Durango and Jeep Grand Cherokee and Cherokee SUVs, as well as the 2015 Chrysler 200 and 300, and the Dodge Charger and Challenger.

Fiat Chrysler says it also has taken security measures on its own vehicle network to prevent hacking. Those measures require no customer action and became effective on Thursday.

The recall covers about 1 million more vehicles than the company had originally believed were affected, all with a certain type of radio, the company statement said.

Fiat Chrysler says it knows of no incidents involving hacking of its vehicles except for the one unveiled this week. Initially the company didn’t issue a recall, but said it would contact all affected customers about a software update.

The fix is a response to a recent article in Wired magazine about two well-known hackers, Charlie Miller and Chris Valasek, who remotely took control of a Jeep Cherokee through its UConnect entertainment system. They were able to change the vehicle’s speed and control the brakes, radio, windshield wipers, transmission and other features.

Miller said Friday that he didn’t think the company statement about criminal activity was directed at them because they hacked into a vehicle they own. “I don’t think they are saying anything bad against us in that statement, just reminding people that if someone were to hack their car, it’d be against the law,” he said.

The issue also drew attention from the U.S. government’s road safety agency Friday. The National Highway Traffic Safety Administration opened an investigation to check the effectiveness of the Fiat Chrysler recall. The agency encouraged people to get the repairs done as soon as possible and said the recall is the right step to protect customers. “It sets an important precedent for how NHTSA and the industry will respond to cybersecurity vulnerabilities,” the agency said in a statement.

The Jeep incident was the latest warning to the auto industry, which is rapidly adding Internet-connected features like WiFi and navigation that are convenient for drivers but make the car more vulnerable to outside attacks. Earlier this year, BMW had to offer a software patch after hackers remotely unlocked the doors of its cars.

Miller said he and Valasek first told FCA about their research in October and have been in touch with the company several times since then.

Owners of the recalled vehicles will get a USB drive that they can use to update the software. Fiat Chrysler says it provides added security features beyond what’s been done on the company’s vehicle network.

Customers can go to http://www.driveuconnect.com/software-update/ and punch in their vehicle identification number to find out if they’re included in the recall.

The company, known as FCA US LLC, also said it has set up a team focused on best practices for software development and integration into vehicles.