Fiat Chrysler has ordered another major recall of some of its vehicles in the United States after more were found to be affected by a serious software vulnerability which could lead to them being attacked by cybercriminals.
The car giant has announced that 7,810 Jeeps are being recalled to apply a software radios to vehicles containing certain radios.
The recall affects the variants of the 2015 model of the FCA’s Jeep Renegade sports utility vehicle with a 6.5-inch touchscreen, more than half of which FCA says are still in dealer hands.
“The company is unaware of any injuries related to software exploitation, nor is it aware of any related complaints, warranty claims or accidents – independent of the media demonstration,” the company said in a statement.
“This is not a good idea,” Pete Bassill, chief executive of UK firm Hedgehog Security, told the BBC. “Now they’re out there, letters like this will be easy to imitate. Attackers could send out fake USB sticks and go fishing for victims. It’s the equivalent of email users clicking a malicious link or opening a bad attachment.”
“There should be a method for validating the authenticity of the USB stick to verify it has really come from Fiat Chrysler before it is plugged in,” said Bassill.
He also warned that if hackers were able to get their hands on the USB stick, they could reverse-engineer it and gain insight Fiat Chrysler’s update process and discover new exploits.
The problem for Fiat Chrysler began in July, after security researchers Charlie Miller and Chris Valasek revealed that it was possible to wirelessly hack and seize control of a Jeep Cherokee.
The flaw with the vehicle was serious, because the in-car software allowed the researchers to hack critical systems such as the steering, brakes, and engine control. Other car hacks for example have only penetrated the car’s entertainment systems.
Following that discovery, the car giant recalled 1.4 million vehicles in the United States for a software update.
To be fair, Fiat Chrysler is not the only car maker to run into trouble as more and more cars incorporate technology into their designs and become connected to the outside world.
Last month, American car firm Telsa rushed out a patch after researchers discovered a potentially serious flaw that allowed them to assume control of the vehicle. That hack however was only possible because the researchers had access to the inside of the car.
Last year a group of hackers and security researchers known as “I Am The Cavalry”, urged attendees of the Def Con security conference in Las Vegas to sign an open letter encouraging carmakers to improve the security systems of their latest cars.
And in February, BMW confirmed it had patched a serious security flaw that could have allowed hackers to seize control of some of its cars’ systems. That flaw could have allowed hackers to the open doors of 2.2 million Rolls-Royce, Mini and BMW vehicles. The flaw could also have allowed the hackers to access the onboard vehicle computer system, which manages everything from engines and brakes to air conditioning.
Prior to that in September last year, General Motors ramped up its protection from hackers when it hired a watchdog to maintain mobile system security and guide the company into the future.
And in April 2014, security researcher Nitesh Dhanjani warned that weaknesses in the way Tesla lets drivers control their cars could allow someone to easily open the doors.
In the driving seat about connected cars? Take our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…