Earlier this week there was a story in Wired Magazine about two white hat hackers, Charlie Miller and Chris Valasek who hacked into a Jeep Cherokee through its UConnect entertainment system and were able to remotely take control of the car’s speed, brakes, radio, windshield wipers and other features. Largely in response to this story which heightened awareness of the ability of hackers to take control of our increasingly computerized cars, Fiat Chrysler issued a recall yesterday of 1.4 million vehicles to make corrections to prevent this type of problem. According to Fiat Chrysler’s press release, the company has “applied network-level security measures to prevent the type of remote manipulation demonstrated in a recent media report. These measures — which required no customer or dealer actions — block remote access to certain vehicle systems and were fully tested and implemented within the cellular network on July 23, 2015.” Customers affected by the recall will also receive a USB device to personally upgrade the vehicle software and provide new security features in addition to those installed by the network upgrades. Meanwhile the National Highway Traffic Safety Administration has issued a “recall query” to look into the actions of Fiat Chrysler to patch the security vulnerabilities.
Miller and Valasek will be presenting their research to the upcoming DefCon 23 white hat hackers convention in Las Vegas in early August. I will be reporting from the conference about this and other developments in hacking.
The affected vehicles are:
2013-2015 MY Dodge Viper specialty vehicles
2013-2015 Ram 1500,2500 and 3500 pickups
2013-2015 Ram 3500,4500,5500 Chassis Cabs
2014-2015 Jeep Grand Cherokee and Cherokee SUVs
2014-2015 Dodge Durango SUVs
2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
2015 Dodge Challenger
If you have own of the affected vehicles, you should contact your dealer to inquire about when you will be receiving the USB device and what you need to do.
This is just the latest development in what I have described many times before as the security issues involved in what we call the Internet of Things. As more and more of the things we deal with have computerized components, there are greater threats to our security unless steps are taken to keep these devices safe and secure. Here is a link to a column I wrote about this in my column for USA Today in April.