Chrysler recalls 1.4 million cars over hacking fears

Hackers use laptop to remotely take over a 2014 Jeep Cherokee on Missouri highway

Fiat Chrysler Automobiles is recalling about 1.4 million cars and trucks equipped with radios that are vulnerable to hacking. Photo: Reuters
Fiat Chrysler Automobiles is recalling about 1.4 million cars and trucks equipped with radios that are vulnerable to hacking. Photo: Reuters

Fiat Chrysler Automobiles is recalling about 1.4 million cars and trucks equipped with radios that are vulnerable to hacking. However, no European models are affected.

The company said in a statement it has blocked unauthorised remote access to certain vehicles systems with a network-level improvement on Thursday.

Fiat Chrysler was already distributing software to insulate connected vehicles from illegal remote manipulation after Wired magazine published a story about software programmers who were able to take over a Jeep Cherokee being driven on a Missouri highway.

Fiat Chrysler reiterated that it’s not aware of any real-world unauthorised remote hack into any of its vehicles. It stressed that no defect was found and that it’s conducting the campaign out of “an abundance of caution.”

READ MORE

The recall covers almost a million more models than those initially identified as needing a software patch. The action includes 2015 versions of Ram pickups, Jeep Cherokee and Grand Cherokee SUVs, Dodge Challenger sports coupes and Viper supercars.

Affected customers will receive a USB device to upgrade their vehicle’s software with additional safety features, beyond the network-level measure. Shares of Fiat Chrysler fell 1.4 per cent.

FCA hastily released a software update after two professional hackers showed Wired magazine they could use a laptop from their own homes to take over a 2014 Jeep Cherokee as a reporter drove the car.

The two hackers, Charlie Miller and Chris Valasek, allowed journalist Andy Greenburg to drive the Cherokee before remotely turning on the windscreen washers and wipers, cranking up the sound system, shutting off the engine on a highway, taking control of the steering wheel and disabling the brakes.

They notified FCA of the vulnerability in the Uconnect infotainment system in the US-built cars, and drew the car firm’s ire by planning to release part of the code at a security conference next month in Las Vegas.

Part of the reason for FCA’s anger is that its technology does not allow it to “push” updates to customer cars over the internet, so needs owners to visit a website or go to a dealer to download the security patch.

Both Audi and Mercedes-Benz say they remain unconcerned, insisting their security development is at a different level to the potentially impacted Chryslers, Dodges, Rams and Jeeps.

“Safety-critical systems get a lot of work from us,” Audi’s head of electronics said, while Mercedes-Benz insisted there was no way their cars could be hacked from the outside.

The two German premium carmakers have insisted it’s not possible to use the internet connectivity of their cars to hack into its control systems. Audi, pointedly, regularly uses professional hackers to test their electronics security work, Ricky Hudi admitted.

“When we think we are at the point where the concepts are right, we regularly pay people to hack them,” Mr Hudi said over the weekend.

“We pay companies to take our cars away to hack them, before they get to production. We give them our cars and say ‘Take as long as you want but please try to attack it, in whatever way you can’.

While the Jeep hacking scandal has caused widespread public concern, it hasn’t slowed Mercedes-Benz’s push for autonomous and semi-autonomous driving, according to the company’s head of transmissions.

“There is no way you could hack a Mercedes-Benz from outside the car,” a senior Daimler engineering executive said.

“The only ways into the core systems are with a normal on-board diagnostic system from the dealership or workshop.

“You can’t really hack it. You have a control gateway and you have to go through that.

Additional reporting: Reuters