- Fiat Chrysler is recalling 1.4 million vehicles to fix security flaws with their cellular radios.
- The vulnerability allows hackers to gain control of the vehicles' computer systems from hundreds of miles away.
- The recall includes Dodge, Jeep, Ram, and Chrysler car models.
Chrysler will distribute USB sticks with upgraded software to affected customers.
Hackers demonstrated security flaws earlier this week
In a terrifying demonstration to Wired reporter Andy Greenberg earlier this week, two hackers showed the ability to hack into a Jeep Cherokee from miles away, gain control of its internal network, and then tamper with its transmission, brakes, and other safety-critical features.
> As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.
> Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.
The hackers, Charlie Miller and Chris Valasek, are professional security researchers, so they aren't planning to use their discovery for evil. But malicious hackers could use the same techniques to remotely tamper with cars across the country. From his home in the St. Louis area, Miller scanned the network for vulnerable vehicles and showed Greenberg vulnerable cars in Texarkana, Texas; San Diego; and Michigan's Upper Peninsula. If he'd wanted to, he could have hacked into any of these vehicles and interfered with their brakes and transmissions, potentially causing a crash.
Miller and Valasek notified Chrysler about this problem nine months ago, and the company recently released a software patch to fix the vulnerability. However, that patch wasn't easy for customers to install. The decision to issue a formal recall suggests that Chrysler is now taking the problem more seriously.
According to the Wall Street Journal, affected vehicles include "2013-2015 Dodge Viper specialty vehicles; a variety of 2013-2015 Ram pickup trucks and chassis cabs; 2014-2015 Jeep Grand Cherokee and Cherokee SUVs; 2014-2015 Dodge Durango SUVs; 2015 Chrysler 200, Chrysler 300 and Dodge Charger sedans; and 2015 Dodge Challenger sports coupes."
The move underscores the fact that car manufacturers are in the software business now. Security is one of the most important responsibilities of a major software company. Companies like Microsoft and Google have hundreds of security experts on staff — and security flaws in Windows and Android generally won't get anyone killed. Car companies are going to have to beef up their own security capabilities if they want to keep their customers safe from hackers.