Just days after hackers were able to take control of a 2014 Jeep Cherokee and run it into a ditch, Fiat Chrysler is recalling 1.4 million vehicles to upgrade vulnerable software to reduce the risk of it happening again.
The maker will send owners a USB device that will automatically download the necessary updates to protect the vehicles.
“Further, FCA US has applied network-level security measures to prevent the type of remote manipulation demonstrated in a recent media report,” the company said in a statement. “These measures – which required no customer or dealer actions – block remote access to certain vehicle systems and were fully tested and implemented within the cellular network on July 23, 2015.”
FCA said it was unaware any injuries related to “software exploitation, nor is it aware of any related complaints, warranty claims or accidents – independent of the media demonstration.”
Affected are certain vehicles equipped with 8.4-inch touchscreens among the following populations:
- 2013-2015 MY Dodge Viper specialty vehicles
- 2013-2015 Ram 1500, 2500 and 3500 pickups
- 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
- 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
- 2014-2015 Dodge Durango SUVs
- 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans2015 Dodge Challenger sports coupes
The problem came to light when Wired magazine managed to get a couple of hackers to break into the Cherokee’s systems, including turning on and off the windshield wipers, shutting the engine off while on the highway, turning the steering wheel and applying the vehicle’s brakes, ultimately sending the SUV off the road.
(Jeep owners urged to lock out hackers. For more, Click Here.)
The incident confirmed the worst fears of some who have been calling for tighter security for increasingly connected vehicles. In fact, Tesla is getting ready to test its latest operating software, which includes an autopilot option. The program allows for hands-free driving on the highway.
The upgrade will be sent to selected vehicles wirelessly – as almost all Tesla updates are handled. While it’s convenient for owners, it’s also convenient for potential hackers looking for a way into the vehicles.
Last year, a group of students were able to get into the Model S and unlock the doors and do a few other things. It only enhanced the resolve of the company to up it security game, including hiring of dozens of computer geniuses to find potential gaps in the car’s security and plug them.
However, the accelerated pace of in-car electronics has been dramatic in recent years, causing many to wonder just how safe they’re vehicles are now.
“Five years ago, the auto industry did not consider cyber-security as a near-term problem,” said Egil Juliussen, a senior analyst and research director with IHS Automotive. “For the auto industry, this is a very important event and shows that cyber-security protection is needed even sooner than previously planned.”
(Consumer Reports warns of cybersecurity risks to cars. Click Here for the story.)
All of these new technologies, including radar-controlled collision warning to advanced infotainment systems, means new open channels into the vehicle, noted Saar Dickman, CEO of TowerSec, an Israeli-based firm developing automotive security technology.
“You’re providing more services and more access,” said Dickman. “You want to embrace innovation, but you have to understand the risks that come with it.”
While Dickman wouldn’t discuss specific ways hackers might target a vehicle, other experts point to the new 4G LTE systems Chevrolet, Audi, Chrysler and other manufacturers are adding. There are channels normally open to satellite radio broadcasts. Even the tire pressure monitoring systems all cars are now required to come with potentially could be used to gain entry into a car’s complex computer network.
Meanwhile, federal regulators are studying plans to require future vehicles be capable of wirelessly linking up to both car-to-car and car-to-infrastructure communications networks that would offer advisories on traffic conditions, weather and crashes.
During a recent visit to Detroit, National Highway Traffic Safety Administration chief Mark Rosekind stressed the potential benefits of new technologies like collision warning and autonomous driving. They have the promise of sharply reducing the number of deaths that occur each year on U.S. roads.
(Automakers face issues of privacy, as well as security, in era of high-tech cars. Click Here for the full story.)
“This technology has a huge potential for the future,” he said, but Rosekind quickly added that the auto industry must make sure that hackers aren’t able to access tomorrow’s vehicles the way they’ve cracked open so many home computers and business servers. Otherwise, the consequences, experts agree, could be catastrophic.
Some people should go to jail for hacking and others for designing insecure auto systems.