Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Fiat Chrysler Recalls SUVs to Prevent Remote Hacking

Fiat Chrysler Automobiles (FCA) wants to update the software on roughly 7,810 of its SUVs to address an issue that can be exploited to remotely hack the vehicles.

Fiat Chrysler Automobiles (FCA) wants to update the software on roughly 7,810 of its SUVs to address an issue that can be exploited to remotely hack the vehicles.

According to the carmaker, this campaign involves a different radio than the one installed on the 1.4 million cars recalled this summer to patch a Uconnect vulnerability disclosed by researchers Charlie Miller and Chris Valasek.

Jeep Renegade

The latest recall affects certain 2015 Jeep Renegade vehicles equipped with 6.5 inch touchscreens. The software updates, designed to protect these connected vehicles against “remote manipulation,” also include additional security features.

Affected customers will receive a USB device containing the software updates. Alternatively, the update can be downloaded from the official Uconnect website or installed for free by technicians at dealerships.

The company has pointed out that more than half of the 2015 Jeep Renegade SUVs fitted with affected radios are still at dealers and their software will be updated before they are sold.

“The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code,” Fiat Chrysler said on Friday. “No defect has been found. FCA US is conducting this campaign out of an abundance of caution.”

Miller and Valasek, who were hired by Uber last month, revealed in July that they had managed to remotely hijack a 2014 Jeep Cherokee through a vulnerability in its Uconnect system. The researchers demonstrated that the feature available in some Viper, Ram, Jeep, Dodge and Chrysler models exposed the cars to remote cyberattacks.

Fiat Chrysler announced the recall of 1.4 million cars and started sending out USB devices that customers can use to easily conduct the software update themselves. However, security experts have criticized the method because they believe the USB sticks sent out by the company via mail can be intercepted and altered.

Advertisement. Scroll to continue reading.

Several experts disclosed car hacking methods this summer, with automobiles from Corvette, Tesla and General Motors being targeted. In response to recent revelations, the auto industry announced its intention to create an information sharing and analysis center that will focus on enhancing cyber security.

While so far we haven’t witnessed any malicious cyberattacks targeting connected vehicles, experts are concerned that this might change in the near future. Some believe we might soon see ransomware-style attacks aimed at cars, while others warn that the disruption to digital systems installed in cars will lead to verifiable human deaths in the next few years.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.