Fiat Chrysler is recalling 1.4 million vehicles in the wake of a software glitch that could allow hackers to take remote control of a car.
The automaker announced on Friday that the voluntary safety recall will update the software in around 1.4 million US vehicles equipped with certain radios. The cause of the problem exists in the Uconnect system, which lets smartphone users communicate with certain Fiat Chrysler cars over the Internet using Sprint's network. The feature allows owners to remotely turn on the engine, track the location of their car using GPS and take advantage of various anti-theft features.
The bug in the Uconnect system software was uncovered earlier this week by two security researchers working with Wired magazine senior writer Andy Greenberg. The researchers were able to remotely control a Jeep through its IP address over the Internet, enabling them to turn the brakes on and off, switch on the windshield wipers and even shut off the engine.
The vulnerability highlights the inherent risks and dangers as our devices and gadgets become more connected, especially over the open Internet. Bugs are a fact of life for software. But in this case, the bug in this particular software could prove deadly to a driver. Automakers and other tech firms are racing to outfit cars with more technology, especially ones that connect them via the Internet. Cars are no longer just standalone devices any longer; they're part of the Internet of Things. That can leave them as vulnerable as other connected devices, but with greater consequences.
Though Fiat Chrysler took the step of recalling all affected vehicles, the company has already tried to address the problem and smooth over the concerns of car owners. The automaker said it has applied "network-level security measures" that would prevent the type of remote control access demonstrated by the researchers. Tested and rolled out on Thursday over the cellular network used by Uconnect, these measures block remote access to certain vehicles, according to Fiat Chrysler.
The company said the hack demonstrated by the researchers required "unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code." Fiat Chrysler also said it's unaware of any injuries, accidents or complaints so far related to the software vulnerability.
The affected vehicles are those outfitted with 8.4-inch touchscreens and include the following:
- 2013-2015 MY Dodge Viper specialty vehicles
- 2013-2015 Ram 1500, 2500 and 3500 pickups
- 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
- 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
- 2014-2015 Dodge Durango SUVs
- 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
- 2015 Dodge Challenger sports coupes
Customers can also visit the Uconnect software update site where they can enter their Vehicle Identification Number (VIN) to find out if their car is included in the recall. The site explains the process as follows:
In order to identify if you need a software update, please enter all 17 digits of your Vehicle Identification Number (VIN) below. If an update is required, you can download the software to a USB drive and then install it on your Uconnect system. Plan ahead as updates can take up to 30-45 minutes and require that your vehicle be parked throughout the software update/installation process. Or, if you prefer, you can make an appointment with your local FCA US dealer for immediate installation at no charge.
Fiat Chrysler car owners with any questions can call the company's US Customer Care Center at 1-800-853-1403.