Fiat Chrysler Recalls SUVs to Prevent Remote Hacking

Fiat Chrysler Automobiles (FCA) wants to update the software on roughly 7,810 of its SUVs to address an issue that can be exploited to remotely hack the vehicles.

According to the carmaker, this campaign involves a different radio than the one installed on the 1.4 million cars recalled this summer to patch a Uconnect vulnerability disclosed by researchers Charlie Miller and Chris Valasek.

The latest recall affects certain 2015 Jeep Renegade vehicles equipped with 6.5-inch touchscreens. The software updates, designed to protect these connected vehicles against “remote manipulation,” also include additional security features.

Affected customers will receive a USB device containing the software updates. Alternatively, the update can be downloaded from the official Uconnect website or installed for free by technicians at dealerships.

The company has pointed out that more than half of the 2015 Jeep Renegade SUVs fitted with affected radios are still at dealers and their software will be updated before they are sold.

“The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code,” Fiat Chrysler said on Friday. “No defect has been found. FCA US is conducting this campaign out of an abundance of caution.”

Miller and Valasek, who were hired by Uber last month, revealed in July that they had managed to remotely hijack a 2014 Jeep Cherokee through a vulnerability in its Uconnect system. The researchers demonstrated that the feature available in some Viper, Ram, Jeep, Dodge and Chrysler models exposed the cars to remote cyberattacks.

Fiat Chrysler announced the recall of 1.4 million cars and started sending out USB devices that customers can use to easily conduct the software update themselves. However, security experts have criticized the method because they believe the USB sticks sent out by the company via mail can be intercepted and altered.

Several experts disclosed car hacking methods this summer, with automobiles from Corvette, Tesla and General Motors being targeted. In response to recent revelations, the auto industry announced its intention to create an information sharing and analysis center that will focus on enhancing cyber security.

While so far we haven’t witnessed any malicious cyberattacks targeting connected vehicles, experts are concerned that this might change in the near future. Some believe we might soon see ransomware-style attacks aimed at cars, while others warn that the disruption to digital systems installed in cars will lead to verifiable human deaths in the next few years.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
