Chrysler recalls 1.4M cars that were vulnerable to remote hacking

Chrysler has launched a recall of 1.4 million recent model cars that were vulnerable to being remotely accessed and controlled by hackers.

The recall comes days after Wired reported a demonstration by hackers in which they were able to access and control a Chrysler Jeep as it was being driven.

The hack detailed in the Wired article took place under somewhat controlled conditions—the driver, a Wired writer knew that it was about to happen—but it occurred on the busy Interstate 64 near St. Louis. It culminated in the vehicle slowing down and causing something of a traffic obstacle for cars behind.

Chrysler said there’s no indication such an attack has been launched against unsuspecting car owners, but it clearly illuminated a hole in the auto-maker’s security.

The hackers behind the demonstration have been communicating with Chrysler for several months and the company issued a patch earlier in July. On Friday, after days of media attention, that patch turned into a recall.

The company briefly addressed the hack and, like most organizations caught off guard by hackers, underlined how sophisticated and difficult it must have been.

“The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code.”

Still, it happened.

And that’s exactly why two U.S. senators on Tuesday proposed new regulations that would mandate auto makers provide much better protection against hackers.

In part, the Security and Privacy in Your Car Act of 2015 seeks to ensure that critical software systems in cars be isolated and the entire vehicle be safeguarded against hacking by using “reasonable measures.” 

Chrysler says it has already strengthened its network security to prevent the hack demonstrated in the Wired article and therefore cars are already insulated against a similar attack.

The recall, which the auto maker is undergoing voluntarily, will provide a software update to vehicles that brings “additional security features,” it said in a statement. It didn’t detail what those security features are.

Cars covered by the recall are:

- 2013-2015 MY Dodge Viper specialty vehicles

- 2013-2015 Ram 1500, 2500 and 3500 pickups

- 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs

- 2014-2015 Jeep Grand Cherokee and Cherokee SUVs

- 2014-2015 Dodge Durango SUVs

- 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans

- 2015 Dodge Challenger sports coupes

Owners of affected vehicles will receive a USB stick that can be used to update their car software. There’s also a website where owners can input their Vehicle Identification Number (VIN) to see if their car is affected.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.