Fiat Chrysler has announced it is conducting a voluntary recall to update software in approximately 1.4 million vehicles across the US. The recall is a bid to safeguard its cars from a remote hijacking exploit that allows hackers to flick a ‘kill switch’ and cut off a vehicle’s engine as it drives along the highway.
The move comes after a widely publicised story in Wired last week, in which security researchers demonstrated alarming vulnerabilities in Fiat Chrysler’s on-board Uconnect infotainment system. In a controlled test, the researchers showed they could wirelessly hijack a Jeep Cherokee running the software, enabling them to issue new commands and seize control of the vehicle. This included killing the transmission, controlling the brakes, and even partially taking over steering control (in addition to running riot with a vehicle’s climate control and in-car entertainment system).
Fiat Chrysler’s recall is part of what the automaker calls “an ongoing software distribution that insulates connected vehicles from remote manipulation, which, if unauthorised, constitutes criminal action”. The company has also instigated security measures on its network to prevent the attack demonstrated by Wired from taking control of certain vehicle systems, and says it’s unaware of any other techniques that can be used to successfully hijack its systems.
Affected vehicles that are part of the recall include models featuring 8.4-inch touchscreens from the following lines:
2013–2015 MY Dodge Viper specialty vehicles
2013–2015 Ram 1500, 2500 and 3500 pickups
2013–2015 Ram 3500, 4500, 5500 Chassis Cabs
2014–2015 Jeep Grand Cherokee and Cherokee SUVs
2014–2015 Dodge Durango SUVs
2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
2015 Dodge Challenger sports coupes
Fortunately for those affected, getting their vehicles back into a safe and secure state isn’t too onerous: Fiat Chrysler is issuing USB dongles that lets drivers upgrade their vehicle’s software with new security features. If you’re not sure if your car is one that may be susceptible to the hack, you can visit this link to see if your vehicle is included in the recall.
But while the fix for this particular security scare might not seem too difficult to implement, the issue does highlight growing fears over the safety risks posed by connected cars and the ‘Internet of Things’ generally. In relation to such concerns, two US senators last week introduced new legislation to establish federal standards designed to protect drivers’ security and privacy.
“Drivers shouldn’t have to choose between being connected and being protected,” said Senator Edward J. Markey in a statement. “We need clear rules of the road that protect cars from hackers and American families from data trackers. This legislation will set minimum standards and transparency rules to protect the data, security and privacy of drivers in the modern age of increasingly connected vehicles.”