Chrysler recalls 1.4m cars that were vulnerable to remote hacking

Voluntary step comes after report showed hackers disabling a Jeep on a busy interstate

Chrysler has launched a recall of 1.4 million recent model cars that were vulnerable to being remotely accessed and controlled by hackers.

The recall comes days after Wired reported a demonstration by hackers in which they were able to access and control a Chrysler Jeep as it was being driven.

The hack detailed in the Wired article took place under somewhat controlled conditions -- the driver, a Wired writer knew that it was about to happen -- but it occurred on the busy Interstate 64 near St. Louis. It culminated in the vehicle slowing down and causing something of a traffic obstacle for cars behind.

Chrysler said there's no indication such an attack has been launched against unsuspecting car owners, but it clearly illuminated a hole in the auto-maker's security.

The hackers behind the demonstration have been communicating with Chrysler for several months and the company issued a patch earlier in July. On Friday, after days of media attention, that patch turned into a recall.

The company briefly addressed the hack and, like most organizations caught off guard by hackers, underlined how sophisticated and difficult it must have been.

"The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code."

Still, it happened.

And that's exactly why two U.S. senators on Tuesday proposed new regulations that would mandate auto makers provide much better protection against hackers.

In part, the Security and Privacy in Your Car Act of 2015 seeks to ensure that critical software systems in cars be isolated and the entire vehicle be safeguarded against hacking by using "reasonable measures."

Chrysler says it has already strengthened its network security to prevent the hack demonstrated in the Wired article and therefore cars are already insulated against a similar attack.

The recall, which the auto maker is undergoing voluntarily, will provide a software update to vehicles that brings "additional security features," it said in a statement. It didn't detail what those security features are.

Cars covered by the recall are:

- 2013-2015 MY Dodge Viper specialty vehicles

- 2013-2015 Ram 1500, 2500 and 3500 pickups

- 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs

- 2014-2015 Jeep Grand Cherokee and Cherokee SUVs

- 2014-2015 Dodge Durango SUVs

- 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans

- 2015 Dodge Challenger sports coupes

Owners of affected vehicles will receive a USB stick that can be used to update their car software. There's also a website where owners can input their Vehicle Identification Number (VIN) to see if their car is affected.

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags Fiat ChryslerAutomotivesecurityindustry verticals

More about CherokeeIDGNewsTwitter

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Martyn Williams

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts