Hack attack prompts Chrysler recall of 1.4 million vehicles

In the aftermath of two security researchers hacking into the wireless system of a Jeep, Chrysler has announced the recall of 1.4 million vehicles in the United States dating to 2013 models.

The vehicles recalled may be affected by a hackable software vulnerability in Chrysler’s Uconnect dashboard computers.

The vulnerability was first demonstrated earlier in July when Charlie Miller and Chris Valasek wirelessly hacked and assume control over dashboard functions, steering, transmission and brakes.

The recall doesn’t require Chrysler owners to bring their cars, trucks and SUVs to a dealer.
Instead, they’ll be sent a USB drive with a software update they can install through the port on their vehicle’s dashboard.

Chrysler says it’s also taken steps to block the digital attack Miller and Valasek demonstrated with “network-level security measures.”

Chrysler issue a patch in a software update for its vehicles last week but a recalls means all affected customers will be notified about the security vulnerability and urged to patch their software.

Chrysler released the following list of vehicles that may be affected:

2013-2015 MY Dodge Viper specialty vehicles
2013-2015 Ram 1500, 2500 and 3500 pickups
2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
2014-2015 Jeep Grand Cherokee and Cherokee SUVs
2014-2015 Dodge Durango SUVs
2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
2015 Dodge Challenger sports coupes

Shortly after the recall was announced, National Highway Traffic Safety Administration (NHTSA) said it is launching an investigation to assess whether Fiat Chrysler’s recall will be effective.

Launching a recall is the right step to protect Fiat Chrysler’s customers, and it sets an important precedent for how NHTSA and the industry will respond to cybersecurity vulnerabilities,” NHTSA Administrator Mark Rosekind said in a statement.

FCA US, the new name for what used to be Chrysler Group, the U.S. unit of Fiat Chrysler, said the recall “aligns with an ongoing software distribution that insulates connected vehicles from remote manipulation, which, if unauthorized, constitutes criminal action.”