Fiat Chrysler Automobiles announced a voluntary recall of roughly 1.4 million vehicles Friday in response to an incident earlier in the week in which hackers demonstrated that they could take control of one of the company’s cars using the Internet.
The recall affects roughly 1.4 million American cars and trucks equipped with certain radios and 8.4-inch touchscreens. Affected vehicles include several popular models made by Fiat Chrysler’s Jeep, Dodge, Chrysler and RAM brands. (Owners can check here to see what vehicles are included in the recall.)
On Tuesday, Wired published a story detailing how two hackers highlighted a security flaw that affects some of Fiat Chrysler’s vehicles.
Security researchers Charlie Miller and Chris Valasek used the internet to infiltrate a Jeep Cherokee’s electronics systems and hijack many of the vehicle’s features, all while the duo sat in a basement miles from where reporter Andy Greenberg was driving the SUV. Among other actions, the two were able to control the Jeep’s air conditioning and radio, disable its transmission, track its GPS location and, in some circumstances, cripple its brakes and control its steering.
Fiat Chrysler said in a Friday statement that affected customers would be given USB devices containing software to patch the security flaw. Dealership mechanics can also update the software, but the voluntary nature of the recall means many affected vehicles could remain vulnerable.
The company also said it had instituted network-level fixes as of Thursday that prevent remote access to some certain vehicle systems. Such measures don’t require action on the part of customers, according to the company.
In its statement, Fiat Chrysler said, “The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code.” The statement also said that such manipulation “constitutes criminal action” if unauthorized.
Miller and Valasek’s hack exploits software features specific to vehicles made by Fiat Chrysler. But many modern cars are similarly web-connected, part of a larger trend toward computerized, networked devices often referred to as the “Internet of things.”
While such technologies have the potential to improve people’s lives, they also present cybersecurity concerns.
Miller and Valasek have been sharing their research on the security flaw with Fiat Chrysler for months — a collaboration that allowed the company to prepare software that addresses the problem, according to Wired.
Still, Fiat Chrysler condemned the duo’s plans to share data about the security flaw in conjunction with their upcoming talk at the Black Hat security conference in Las Vegas next month. The company told Wired that it “appreciates” the hackers’ work, but also said, “Under no circumstances does [Fiat Chrysler] condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems.”
Miller and Valasek intend to publish data related to the hack so that their work can be peer reviewed, and in order to alert consumers to the potential dangers posed by highly computerized, Internet-connected vehicles.
“If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers,” Miller told Wired. “This might be the kind of software bug most likely to kill someone.”