The first remote hacking of a vehicle has occurred, and as we move towards a more computerized society, our worst fears are being realized, prompting another huge automotive recall. Like many carmakers, Fiat-Chrysler is doing its best to turn the modern automobile into a smartphone. Uconnect is an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks.
Citing "an abundance of caution," Fiat-Chrysler voluntarily recalled over 1.4 million cars, trucks, and SUVs this week. The issue, a Uconnect touchscreen entertainment system vulnerability that allowed hackers to assume control of a Jeep Cherokee's brakes and other systems. Uconnect is an internet-connected computer feature that controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. The prompt recall came swiftly following a hacking demonstration the day before, the manner of infiltration open to anyone possessing a Fiat-Chrysler vehicle with the Uconnect system installed.
The recall focuses on the following vehicles equipped with 8.4-inch touchscreens:
2013-2015 Dodge Vipers
2013-2015 Ram 1500, 2500 and 3500 pickups
2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
2014-2015 Jeep Grand Cherokees and Cherokees
2014-2015 Dodge Durangos
2015 Chrysler 200, Chrysler 300 and Dodge Charger sedans
2015 Dodge Challengers
Scary. Very scary. With such timely topics as automated driverless vehicles, smart cars, and breaking our dependency on foreign oil dominating our headlines, eliminating traffic crunches and improving the safety of our highways is a worthwhile endeavor. But is giving up so much control worth the effort?
Initially Fiat-Chrysler downplayed the news, mentioning that only a small number of vehicles were affected, and quietly offered owners a free software update from their local car dealer, like a traditional recall.
Then the very next day, the announcement to recall over 1.4 million of their cars, trucks, and SUVs shows the seriousness of the vulnerability, with affected car owners now getting an update directly from Chrysler via specialized USB drives.
“The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code,” Fiat Chrysler said in a statement. So apparently this isn't something that can be done on a whim...but the inherent danger is still present, as Fiat-Chrysler also changed its controls over the network-level access to block the technique used by the hackers.
Fiat-Chrysler has been under increased scrutiny of late, with the National Highway Traffic Safety Administration already embroiled in a back-and-forth regarding Fiat-Chrysler's handling of safety recalls relating to more than 11 million vehicles, threatening fines and other punishments for what the NHTSA calls "foot-dragging." And now a separate probe has been launched to monitor the new hacking issues.
Connected cars, smart highways and automated vehicles will be coming our way in the very near future, and with these advancements come new flaws to exploit. In this case, the researchers were hired to hack, but say they did so to raise awareness about security questions surrounding connected cars.
With new laws on vehicle software safety being considered by Congress, this problem won't go away anytime soon. It's one thing to have hackers constantly striving for our personal information, but having hackers competing for access to our lifesaving brakes is another thing, entirely.