Fiat Chrysler issues recall of 1.4m vehicles following Jeep hack demo
Auto-firm announces software patch via USB stick
Italian-American auto-giant Fiat Chrysler (FCA) has issued a recall on 1.4m vehicles after two US hackers last week demonstrated a zero-day exploit in a 2013 Jeep Cherokee that allowed them to drive the vehicle into a ditch.
US roads regulator, the National Highway Traffic Safety Administration (NHTSA), reported the recall on its website on Thursday, naming a number of FCA models dated between 2013 and 2015, including the Jeep Grand Cherokee, Cherokee, Dodge Charger, Dodge Challenger, Dodge Durango and Dodge Viper.
According to Wired journalist Andy Greenberg, who was behind the wheel of the Jeep during the exploit demo, hackers Charlie Miller and Chris Valasek accessed the vehicle's "dashboard functions, steering, brakes, and transmission" while sitting in Miller's house 10 miles away. The pair were able to force the vehicle off the road by cutting control of the brakes.
"The affected vehicles are equipped with radios that have software vulnerabilities that can allow third-party access to certain networked vehicle control systems," the NHTSA confirmed in its recall post.
"Chrysler has had the wireless service provider close the open cellular connection to the vehicle that provided unauthorised access to the vehicle network," the regulator added, while pointing out that "the measure may not have been implemented on all vehicles and does not address access by other means".
The remedy offered to customers by FCA is a software patch, administered via USB stick. Customers can opt to have the stick mailed to them, or download the fix from http://www.driveuconnect.com/software-update/. Alternatively, they can take the car in to a service centre. FCA's code for the recall is R40.