Jeep Hacking Recall 2015: Is Your Car, Truck or SUV on Chrysler's List of 1.4 Million Vehicles?
On Friday Chrysler issued a formal recall for 1.4 million cars, trucks, and SUVs on the road right now. The specified vehicles are vulnerable to software-based attacks allowing hackers to take control of several vital systems remotely. Welcome to the 21st century.
In 21st Century, (Hacked) Cars Drive You
The groundbreaking software vulnerability, which can relinquish control of major functions of your Jeep, was first exposed in an exclusive feature by Wired this month. The defect would allow hackers across the world to wirelessly take control of the steering, transmission and breaks of these cars.
"I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold," begins the feature about Uconnect, the faulty dashboard software built in to millions of Jeeps and other Chrysler cars.
Such weak points in the original design of software are called "zero-day" exploits. Such defects predate the software's release (or "day zero"), making them very powerful, and very dangerous.
In the Wired exposé, two (friendly) hackers took control of the reporter's Jeep Cherokee's air conditioning system, radio, and windshield wipers, but then also cut the transmission remotely. The hackers could also disable or enable the breaks, track the car using GPS, and take control of the steering, which apparently can only be done when the Jeep is in reverse. For now, that is.
Massive Recall
Th exposure led Fiat-Chrysler to issue a massive recall of 1.4 million Jeeps, Dodge trucks and SUVs, and select Dodge and Chrysler cars. This, after the company released a patch for the vulnerability weeks ago, which owners could obtain and install themselves or get through their local dealership.
Now, according to a statement, the company has expanded its efforts by conducting an official "voluntary safety recall to update software in approximately 1,4000,000 U.S. vehicles" equipped with Uconnect dashboard systems.
The company also took pains in the release to point out that it had "applied network-level security measures to prevent the type of remote manipulation" demonstrated by Wired's report. The measures were applied on July 23 within cell networks used in the breach.
Here's Fiat-Chrysler's list of recalled vehicles, all of which sport 8.4-inch touchscreens in the dashboard that run the vulnerable software:
- 2013-2015 MY Dodge Viper specialty vehicles
- 2013-2015 Ram 1500, 2500 and 3500 pickups
- 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
- 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
- 2014-2015 Dodge Durango SUVs
- 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
- 2015 Dodge Challenger sports coupes
Customers affected by the recall can receive a USB stick with the upgraded software. According to the recall, to make sure whether your car is included, you can go to https://www.driveuconnect.com/software-update/ and input your Vehicle ID Number (VIN).
Here's hoping their site won't be vulnerable to hacking as well.