Fiat Chrysler Recalls 1.4 million Cars After Jeep Hack

On Friday, Chrysler announced that it’s issuing a formal recall for 1.4 million vehicles that may be affected by a hackable software vulnerability in Chrysler’s Uconnect dashboard computers. The recall doesn’t actually require Chrysler owners to bring their cars, trucks and SUVs to a dealer. Instead, they’ll be sent a USB drive with a software update they can install through the port on their vehicle’s dashboard.

 Security researchers Charlie Miller and Chris Valasek demonstrated that it was possible for hackers to control a Jeep Cherokee remotely, using the car's entertainment system which connected to the mobile data network.


The two security researchers have spent years investigating car control systems and developing ways to subvert them. The pair are due to reveal more information about their work at the Def Con hacker conference next month.

Chrysler had already issued a patch in a software update for its vehicles last week, but announced it with a vague press release on its website only. A recall, by contrast, means all affected customers will be notified about the security vulnerability and urged to patch their software. “The recall aligns with an ongoing software distribution that insulates connected vehicles from remote manipulation, which, if unauthorized, constitutes criminal action,” writes a Chrysler spokesperson in an email.
In its press statement about the recall, Chrysler offered the following list of vehicles that may be affected:

• 2013-2015 MY Dodge Viper specialty vehicles
• 2013-2015 Ram 1500, 2500 and 3500 pickups
• 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
• 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
• 2014-2015 Dodge Durango SUVs
• 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
• 2015 Dodge Challenger sports coupes

In its statement, Chrysler also said that to its knowledge the hacking technique Miller and Valasek had developed is highly sophisticated. It also pointed out that hacking its vehicles wasn’t easy. That’s true: Miller and Valasek had worked on their Jeep hacking exploit for over a year. “The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code,” reads Chrysler’s statement.

In one less credible part of the statement, however, Chrysler also claims that “no defect has been found,” and that “[Fiat Chrysler Automobiles] is conducting this campaign out of an abundance of caution.”