Fiat Chrysler has issued a safety recall affecting 1.4 million vehicles in the U.S., after security researchers were able to demonstrate that one of its cars could be hacked. Last Tuesday, Wired magazine showed that hackers could take control of a Jeep Cherokee via its Internet-connected entertainment system. Chrysler then issued a voluntary recall to update software in the affected vehicles.
As the entertainment system in the subject vehicle is connected to the mobile data network, it sets a precedent for widespread vulnerability. Fiat Chrysler said exploiting the flaw “required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code,” adding that manipulating its software “constitutes criminal action.”
Security researchers Charlie Miller and Chris Valasek, who performed the hack for Wired, have spent years investigating car control systems and developing ways to subvert them. The pair are due to reveal more information about their work at the Def Con hacker conference next month.
The potential hackability affects some 1.4 million vehicles sold in the U.S. that are outfitted with Chrysler’s uConnect system. According to a statement by a spokesman for Fiat-Chrysler, no vehicles sold in the U.K. were affected.
The recall comes on the heels of a call by two US senators to introduce a bill leaning on the US Federal Trade Commission and the National Highway Traffic Safety Administration to set standards on vehicle security for car makers. The bill would also create a security rating system for cars enabling consumers to know which ones worked hardest to make unhackable cars.