The Jeep Cherokee that made news for being hacked earlier this week is only one of 14 Fiat Chrysler cars that's vulnerable to the exploit. Following the news, the company has launched a recall of 1.4 million recent models that could be remotely accessed and controlled by cyber criminals.
The recall comes days after Wired reported a demonstration by hackers in which they were able to access and control a Jeep Cherokee as it was being driven.
The hack detailed in the Wired article took place under somewhat controlled conditions—the driver, a Wired writer, knew that it was about to happen—but it occurred on the busy Interstate 64 near St. Louis. It culminated as the vehicle was remotely slowed down and caused something of a traffic obstacle for cars behind.
Fiat Chrysler said there’s no indication such an attack has been launched against unsuspecting car owners, but it clearly illuminated a hole in the automaker’s security.
The hackers behind the demonstration have been communicating with Chrysler for several months, and the company issued a patch earlier in July. On Friday, after days of media attention, that patch turned into a recall.
The company briefly addressed the hack and, like most organizations caught off-guard by hackers, underlined how sophisticated and difficult it must have been.
“The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code.”
Still, it happened.
And that’s exactly why two U.S. senators on Tuesday proposed new regulations that would mandate much better protection by automakers against hackers.
In part, the Security and Privacy in Your Car Act of 2015 seeks to ensure that critical software systems in cars be isolated and the entire vehicle safeguarded against hacking by using “reasonable measures.”
Chrysler says it has already strengthened its network security to prevent the hack demonstrated in the Wired article, and therefore cars are already insulated against a similar attack.
The recall, which the auto maker is undergoing voluntarily, will provide a software update to vehicles that brings “additional security features,” it said in a statement. It didn’t detail what those security features are.
Cars covered by the recall are:
- 2013-2015 MY Dodge Viper specialty vehicles
- 2013-2015 Ram 1500, 2500 and 3500 pickups
- 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
- 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
- 2014-2015 Dodge Durango SUVs
- 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
- 2015 Dodge Challenger sports coupes
Owners of affected vehicles will receive a USB stick that can be used to update their car software. There’s also a website where owners can input their Vehicle Identification Number (VIN) to see if their car is affected.