Fiat Chrysler Recalls Vehicles Due to Cybersecurity Concerns
?Fiat Chrysler isrecalling approximately 1.4 million vehicles to address software issues that make the vehicles vulnerable to hacking, the company announced Friday following publication of a flaw that could allow a hacker to take control of some of its vehicles.
The recall appears to be the first of its kind and comes just days afterWIRED magazine published a story detailing how two security researchers wirelessly took control of a Jeep Grand Cherokee as it drove down a major highway near St. Louis. The researchers�Charlie Miller and Chris Valasek�hacked the Jeep remotely�as a WIRED reporter drove it, showing they could take control of the vehicle�s engine, steering, and brakes.
Fiat Chrysler announced this morning that it is issuing a voluntary recall and said that it is unaware of any injuries related to software exploitation of its vehicles.�
Fiat Chrysler U.S. has �applied network-level security measures to prevent the type of remote manipulation demonstrated in a recent media report,� the company said in a statement. �These measures�which required no customer or dealer actions�block remote access to certain vehicle systems and were fully tested and implemented within the cellular network on July 23, 2015.�
Vehicles being recalled include the Jeep Grand Cherokee and Cherokee SUVs from 2014 and 2015. Dodge Challenger sports coupes from 2015 and some other vehicles are also being recalled.
�The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle, and extended periods of time to write code,� the company said in a press release.
Customers who bring their vehicle in to a dealer for the recall will receive a memory stick to upgrade their software and to provide additional security,according to Reuters.
Stephen Cobb, senior security researcher with ESET, said that he doubts this will be the last mass vehicle recall to patch a network security vulnerability.�
�Like many other manufacturing sectors, the automotive industry appears to have fulfilled the predictions of many security experts and underestimated the challenges of deploying secure systems in today�s challenging operating environment.�
Congress is also working to address the issue of vehicle cybersecurity and driver privacy. Senators Ed Markey (D-MA) and Richard Blumenthal (D-CT) introduced legislation Tuesday that would direct the National Highway Traffic Safety Administration (NHTSA) to develop cybersecurity standards to isolate vehicle critical software and detect hacking as it occurs.�
The bill, the Security and Privacy in Your Car Act of 2015, instructs the NHTSA and the Federal Trade Commission to create vehicle performance standards that require all access points in vehicles to be equipped with reasonable measures to protect against hacking attacks, all collected information from the vehicle to be secured to prevent unwanted access, and all vehicles to be equipped with technology that can detect, report, and stop hacking attempts in real-time.
For more on Valasek and Miller�s research and vehicle cybersecurity, check out our piece from our June issue�Driving Towards Disaster.�