Fiat Chrysler Recalls 1.4 Million Vehicles Over Hacking Vulnerability

Chris Valasek LA Auto Show 2014 H

Hackers documented taking remote control of the accelerator, transmission, brakes and other functions of a moving Jeep Cherokee.

Underscoring the increasing possibility of a real-life Speed, Fiat Chrysler announced the recall of 1.4 million vehicles on Friday after hackers documented it was possible to remotely control the accelerator, brakes and other systems of a Jeep Cherokee traveling at 70 mph through a vulnerability in the SUV's infotainment system.  

The recall was spurred by a Wired magazine story in which cybersecurity experts and hackers Chris Valasek and Charlie Miller remotely hacked the Jeep through its UConnect entertainment system, The Associated Press reported.

The recall covers Dodge, Chrysler and Jeep vehicles equipped with 8.4-inch touchscreens. Fiat Chrysler said that in addition to a patch that will be installed in individual cars, it also has made security changes to its vehicle network.

The Jeep hack is the latest demonstration of the vulnerability of connected cars. 

Last summer, a Chinese technology company announced it had taken over a Tesla Model S remotely and was able to turn its headlights on and off, open and close its sunroof and manipulate its locks while the car was moving, and earlier this year hackers were able to lock and unlock BMWs remotely. (Tesla and BMW subsequently issued software patches.)

The 2015 Defcon hacker's conference next month in Las Vegas will host a Car Hacking Village (its slogan: "Hacking Plus Connected Cars Equals Fun!"). Representatives from major automakers are expected to attend. Also at the conference, security experts Marc Rogers and Kevin Mahaffey plan to reveal five unpatched vulnerabilities in the Model S

Valasek, who previously hacked into a moving Toyota Prius, has repeatedly warned that as cars become more connected their computers and electronic systems need to have more robust security.

Speaking on a panel at the 2014 Los Angeles Auto Show, Valasek warned that cars that communicate with the cloud will always be vulnerable to remote attack by malicious hackers.

"These systems are designed to communicate with the outside world — and anything that connects to the outside world is an attack vector," Valasek said.

Valasek stressed that, for now, the threat to the average car owner is relatively low because the cost to hack a car's computer system is prohibitively high.

"Software attacks are opportunistic," Valasek told The Hollywood Reporter. "To attack a car, first you've got to buy the car" to discover its vulnerabilities. "The return on investment isn't very high," he said.

But Valasek added that as cars increasingly receive remote software updates, as in the Tesla Model S, the auto industry will have to address the security issue in the same manner as computers — by issuing regular software upgrades and security patches. 

"I don't think there is a solution," he said.