Chrysler recalling vehicles that can be hacked

Posted at 1:08 PM, Jul 24, 2015
and last updated 2015-07-24 13:11:07-04

Chrysler is recalling 1.4 million vehicles that can be remotely hacked over the Internet.

A flaw in several Chrysler (FCAU) models lets hackers remotely control them, posing an unprecedented danger for American drivers. Hackers can cut the brakes, shut down the engine, drive it off the road, or make all the electronics go haywire.

After the vulnerability was uncovered on Tuesday, Chrysler offered a software upgrade that it recommended customers install “at their earliest convenience.”
Chrysler on Thursday upgraded its network, saying the update would prevent the remote hacking from taking place. It said that its update required no action on the part of customers and dealers.

Still under intense scrutiny, Chrysler opted to issue a formal recall on Friday to fix the vehicles themselves. Customers participating in the recall will receive a USB flash drive, which they can insert into their cars and upgrade their vehicles’ software.

But Chrysler said Friday that the recall provides unspecified “additional security features independent of the network-level measures.”

The cars involved in the recall include the following vehicles equipped with 8.4-inch touchscreens:
2013-2015 MY Dodge Viper specialty vehicles
2013-2015 Ram 1500, 2500 and 3500 pickups
2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
2014-2015 Jeep Grand Cherokee and Cherokee SUVs
2014-2015 Dodge Durango SUVs
2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
2015 Dodge Challenger sports coupes

Chrysler said it is unaware of any accidents, injuries, warranty claims or complaints related to the software bug, other than a single incident reported by Wired on Tuesday. Researchers Charlie Miller and Chris Valasek demonstrated the vulnerability by taking remote control of a Jeep.

The scope of the vulnerability — the fact that it impacted several models of Chryslers — was reported by CNNMoney on Tuesday.

Chrysler notes that the unauthorized remote hacking of a car “constitutes criminal action.”