More Jeeps recalled as Fiat Chrysler faces new wireless hacking vulnerability

Posted on 10 Sep 2015 by Cobey Bartels

A further 7,810 US-market Jeeps have been recalled by Fiat Chrysler Automobiles (FCA) after a new hacking exploit was found in the 2015 Jeep Renegade sports utility vehicle (SUV).

FCA recalled vehicles affected by a software bug that provides a wireless entry point for hackers looking to take control of the vehicle.

The Jeep Renegades affected are the 2015 models, in particular the variants with a 6.5-inch touchscreen built-in.

FCA said in an official statement that “more than half remain in dealer hands and will be serviced before they are sold”, when outlining the number of SUVs to be recalled.

FCA made it clear that despite the flaw, hacking of the software hasn’t yet caused any claims or injuries and would require a specialised skillset and full access to a vehicle.

“The Company is unaware of any injuries related to software exploitation, nor is it aware of any related complaints, warranty claims or accidents – independent of the media demonstration.”

“The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code,” FCA said in the statement.

FCA appears to be proactively improving its software practices, and said in a statement that it has established a team to mitigate future hacking risks.

“The security of FCA US customers is a top priority, as is retaining their confidence in the Company’s products.

“Accordingly, FCA US has established a dedicated System Quality Engineering team focused on identifying and implementing best practices for software development and integration,” FCA said in the statement.

Not the first hacking recall but hopefully the last for Fiat Chrysler

The Manufacturer reported the previous FCA recall of 1.4 million Jeep Cherokees in July, after researchers took control of a moving test vehicle.

The hack was executed by researchers Charlie Miller, a former NSA staffer, and Chris Valasek, director of vehicle security for IOActive, prompting the recalls along with a wave of media attention.

The affected Jeep Cherokees featured the Uconnect system, including internet connectivity with their in-car entertainment systems.

FCA issued a software patch that owners had to download and install using a USB drive, although the risk associated with using a potentially unsafe USB drive prompted the option of a dealer visit to load the fix.

In a statement outlining the most recent recall, FCA seems to have taken action following both of the software vulnerabilities.

“FCA US has already applied measures to prevent the type of vehicle manipulation demonstrated in a recent media report.

“These measures – which required no customer or dealer actions – block remote access to certain vehicle systems,” FCA said in the statement.