×

Fiat Chrysler recalls 1.4M vehicles to prevent hacking

DETROIT (AP) – Fiat Chrysler has decided to recall about 1.4 million cars and trucks in the U.S. just days after two hackers revealed that they took control of a Jeep Cherokee SUV over the Internet.

The company also disclosed in government documents that the hackers got into the Jeep through an electronic opening in the radio and said it would update software to close it. On Thursday, Fiat Chrysler sealed off a loophole in its internal cellular telephone network with vehicles to prevent similar attacks, the automaker said in a statement.

The vulnerability exposed by the hack rippled through the auto industry and drew the attention of government safety regulators, who on Friday opened an investigation into the Jeep incident.

The National Highway Traffic Safety Administration said it would find out which other automakers use the same radios. It came as the industry is rapidly adding Internet-connected features such as WiFi and navigation that are convenient for drivers but make the car more vulnerable to outside attacks.

“I think it’s a pretty big deal,” said James Carder, chief information security officer for LogRhythm Inc., a Boulder, Colorado, security company. “This isn’t intellectual property going out the door, this is 1.4 million lives on the line.”

Automakers, he said, have become accustomed to testing mechanical safety, but most aren’t doing enough online security testing. Carder said he wouldn’t be surprised to see a few more recalls as automakers check vehicle security. He noted that Internet-accessible cars have only been around for a few years, limiting the number of cars and trucks that could be affected.

Shortly after the hack was disclosed in a Wired magazine article this week, Fiat Chrysler said it would contact owners of vehicles and offer software updates to fix the problem. But documents show that the wider recall came at the urging of government safety regulators.

Fiat Chrysler, which already is facing penalties from NHTSA for recall delays over several years, said in documents that it agreed to the recall even though there were no problems in the field other than the Jeep attack, and it had no complaints or warranty claims. The company also implied in its statement that the hackers broke the law by manipulating a vehicle remotely without authorization.

The fix came after two well-known hackers, Charlie Miller and Chris Valasek, remotely took control of the Cherokee through its UConnect entertainment system. They were able to change the vehicle’s speed and control the brakes, radio, windshield wipers, transmission and other features.

Newsletter

Today's breaking news and more in your inbox

I'm interested in (please check all that apply)
Are you a paying subscriber to the newspaper? *
   

Starting at $4.62/week.

Subscribe Today