VIDEO: Hackers Take Control of 2014 Jeep Cherokee

FCA US is recalling about 1.4 million vehicles to install a software patch that addresses a hacking vulnerability tied to the Uconnect infotainment system.

The recall covers vehicles equipped with 8.4-inch touchscreens. Included are:

  • 2013-2015 MY Dodge Viper specialty vehicles
  • 2013-2015 MY Ram 1500, 2500 and 3500 pickups
  • 2013-2015 MY Ram 3500, 4500, 5500 Chassis Cabs
  • 2014-2015 MY Jeep Grand Cherokee and Cherokee SUVs
  • 2014-2015 MY Dodge Durango SUVs
  • 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
  • 2015 MY Dodge Challenger sports coupes.

“The recall aligns with an ongoing software distribution that insulates connected vehicles from remote manipulation, which, if unauthorized, constitutes criminal action,” FCA US said in a released statement. “Further, FCA US has applied network-level security measures to prevent the type of remote manipulation demonstrated in a recent media report.”

FCA US said it implemented those network security measures, aimed at blocking remote access to certain vehicle systems, on July 23. They required no customer or dealer actions.

These new vehicle security measures come in response to a Wired report describing how security researchers at IOActive successfully hacked into a 2014 Jeep Cherokee through its cellular connection. During the hacking test, the researchers remotely seized control of such equipment as the air conditioning system, radio and windshield wipers. The hackers also eventually shut off the engine while the vehicle was traveling on a highway. (To watch a video of the experiment, click on the photo or link below the headline.)

As part of the recall, vehicle owners will receive a USB device that will let them install the software patch. This software will provide “additional security features independent of the network-level measures,” FCA US said.

Vehicle owners can click here to determine whether their vehicle is included in the recall. (You need to have the VIN to check.)

FCA US also noted it has established a system-quality engineering team to focus on software development and integration best practices.

“The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code,” the automaker said. “No defect has been found. FCA US is conducting this campaign out of an abundance of caution.”

Vehicle owners can reach the FCA US customer care center at (800) 853-1403.


Related: Jeep Cherokee Hacked by Security Researchers


Originally posted on Automotive Fleet