Auto Tech

Fiat Chrysler waited 18 months to tell regulators about hacking risk

The automaker reportedly didn't disclose the security flaw in its Uconnect infotainment system because it felt the issue did not pose a safety concern.

jeep-cherokee-uconnect-infotainment.jpg
Fiat Chrysler recalled 1.4 million vehicles due to a bug in its Uconnect software. Jeep

Fiat Chrysler Automobiles may be in hot water with the National Highway Traffic Safety Administration after it was revealed that the automaker reportedly took 18 months to disclose a security flaw in its Uconnect infotainment system to federal regulators.

Fiat Chrysler elected to not inform regulators of the Uconnect hacking issue because they felt it didn't pose a safety concern, Bloomberg reported on Wednesday. The automaker filed documents with the NHTSA that noted the software issue was identified by a third party in January 2014, according to Bloomberg. The vulnerability in the Uconnect infotainment system gained national attention in July when two security researchers working with Wired magazine exploited the weakness in a Jeep Cherokee and were able to remotely disable the vehicle while it was being driven.

Fiat Chrysler said Wednesday it responded to the issue when it first learned about the ability for others to hack into some of its "8.4-inch touchscreen systems."

"Prior to last month, the precise means of the remote manipulation demonstrated in the WIRED story was not known by or shared with FCA US," the automaker said in an emailed statement. Fiat Chrysler would not comment on when it became aware of a potential cybersecurity issue -- however serious -- with Uconnect.

NHTSA authorities disagreed with Fiat Chrysler about the seriousness of the Uconnect hack, reported Bloomberg, and pushed back on the Auburn Hills, Michigan, automaker, a move that triggered the recall of 1.4 million affected cars and trucks eight days after regulators became aware of the problem. Fiat Chrysler was already reeling after being slapped with a $105 million fine in June for mishandling nearly two-dozen recalls.

The cybersecurity recall is the first of its kind and is being viewed as a bellwether by industry critics, safety watchdogs, manufacturers and government officials alike.

Auto industry executives and federal regulators appear to be in a bit of a panic following the Chrysler hack and a separate July cybersecurity incident involving General Motors' OnStar system -- and consumers are taking notice of the issue. A new study conducted by Kelley Blue Book found that over three-quarters of consumers surveyed think vehicle hacking is going to be a "frequent problem" within the next three years. Forty-one percent of respondents said they'll keep cybersecurity in mind when purchasing their next vehicle.

To date, auto hacks have not resulted in any reported injuries or fatalities. But with the auto industry driving headlong toward the so-called connected car, the scope of the danger such hacking attempts pose is unclear. One thing is for sure, however -- all of the parties involved are working feverishly to devote more resources to the problem. Automakers are expanding cybersecurity departments, the NHTSA is staffing up on investigators and auto trade groups are working to establish data-sharing analysis groups to combat this rising issue.