Fiat Chrysler Recalls Hacked Cars Amid Response Criticism

Fiat Chrysler has ordered another major recall of some of its vehicles in the United States after more were found to be affected by a serious software vulnerability which could lead to them being attacked by cybercriminals.

The car giant has announced that 7,810 Jeeps are being recalled to apply a software radios to vehicles containing certain radios.

The recall affects the variants of the 2015 model of the FCA’s Jeep Renegade sports utility vehicle with a 6.5-inch touchscreen, more than half of which FCA says are still in dealer hands.

“The company is unaware of any injuries related to software exploitation, nor is it aware of any related complaints, warranty claims or accidents – independent of the media demonstration,” the company said in a statement.

Insecure

But Fiat Chrysler has been criticised after sending out the fix for the issue on a USB stick through the post.

“This is not a good idea,” Pete Bassill, chief executive of UK firm Hedgehog Security, told the BBC. “Now they’re out there, letters like this will be easy to imitate. Attackers could send out fake USB sticks and go fishing for victims. It’s the equivalent of email users clicking a malicious link or opening a bad attachment.”

“There should be a method for validating the authenticity of the USB stick to verify it has really come from Fiat Chrysler before it is plugged in,” said Bassill.

He also warned that if hackers were able to get their hands on the USB stick, they could reverse-engineer it and gain insight Fiat Chrysler’s update process and discover new exploits.

Serious Flaw

The problem for Fiat Chrysler began in July, after security researchers Charlie Miller and Chris Valasek revealed that it was possible to wirelessly hack and seize control of a Jeep Cherokee.

The researchers carried out the attack remotely, and used the car’s entertainment system which is connected to the mobile network. According to the Guardian newspaper, the researchers took control of a Jeep and disabled the engine and brakes, and then crashed it into a ditch.

The flaw with the vehicle was serious, because the in-car software allowed the researchers to hack critical systems such as the steering, brakes, and engine control. Other car hacks for example have only penetrated the car’s entertainment systems.

Following that discovery, the car giant recalled 1.4 million vehicles in the United States for a software update.

Car Security

To be fair, Fiat Chrysler is not the only car maker to run into trouble as more and more cars incorporate technology into their designs and become connected to the outside world.

Last month, American car firm Telsa rushed out a patch after researchers discovered a potentially serious flaw that allowed them to assume control of the vehicle. That hack however was only possible because the researchers had access to the inside of the car.

Last year a group of hackers and security researchers known as “I Am The Cavalry”, urged attendees of the Def Con security conference in Las Vegas to sign an open letter encouraging carmakers to improve the security systems of their latest cars.

And in February, BMW confirmed it had patched a serious security flaw that could have allowed hackers to seize control of some of its cars’ systems. That flaw could have allowed hackers to the open doors of 2.2 million Rolls-Royce, Mini and BMW vehicles. The flaw could also have allowed the hackers to access the onboard vehicle computer system, which manages everything from engines and brakes to air conditioning.

Prior to that in September last year, General Motors ramped up its protection from hackers when it hired a watchdog to maintain mobile system security and guide the company into the future.

And in April 2014, security researcher Nitesh Dhanjani warned that weaknesses in the way Tesla lets drivers control their cars could allow someone to easily open the doors.

In the driving seat about connected cars? Take our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

6 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

8 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

10 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

10 hours ago