Security Experts:

Fiat Chrysler Recalls SUVs to Prevent Remote Hacking

Fiat Chrysler Automobiles (FCA) wants to update the software on roughly 7,810 of its SUVs to address an issue that can be exploited to remotely hack the vehicles.

According to the carmaker, this campaign involves a different radio than the one installed on the 1.4 million cars recalled this summer to patch a Uconnect vulnerability disclosed by researchers Charlie Miller and Chris Valasek.

Jeep Renegade

The latest recall affects certain 2015 Jeep Renegade vehicles equipped with 6.5 inch touchscreens. The software updates, designed to protect these connected vehicles against “remote manipulation,” also include additional security features.

Affected customers will receive a USB device containing the software updates. Alternatively, the update can be downloaded from the official Uconnect website or installed for free by technicians at dealerships.

The company has pointed out that more than half of the 2015 Jeep Renegade SUVs fitted with affected radios are still at dealers and their software will be updated before they are sold.

“The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code,” Fiat Chrysler said on Friday. “No defect has been found. FCA US is conducting this campaign out of an abundance of caution.”

Miller and Valasek, who were hired by Uber last month, revealed in July that they had managed to remotely hijack a 2014 Jeep Cherokee through a vulnerability in its Uconnect system. The researchers demonstrated that the feature available in some Viper, Ram, Jeep, Dodge and Chrysler models exposed the cars to remote cyberattacks.

Fiat Chrysler announced the recall of 1.4 million cars and started sending out USB devices that customers can use to easily conduct the software update themselves. However, security experts have criticized the method because they believe the USB sticks sent out by the company via mail can be intercepted and altered.

Several experts disclosed car hacking methods this summer, with automobiles from Corvette, Tesla and General Motors being targeted. In response to recent revelations, the auto industry announced its intention to create an information sharing and analysis center that will focus on enhancing cyber security.

While so far we haven’t witnessed any malicious cyberattacks targeting connected vehicles, experts are concerned that this might change in the near future. Some believe we might soon see ransomware-style attacks aimed at cars, while others warn that the disruption to digital systems installed in cars will lead to verifiable human deaths in the next few years.

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.